Secure Coding mailing list archives
BSIMM: Confessions of a Software Security Alchemist (informIT)
From: Stephan.Neuhaus at disi.unitn.it (Stephan Neuhaus)
Date: Thu, 19 Mar 2009 16:53:00 +0100
Hi Gary,

On Mar 19, 2009, at 16:27, Gary McGraw wrote:
Hi Stephan, In my view, it would be even better to study the difference in external bug emphasis (as driven by full disclosure and the CVE) and internal bug emphasis (as driven by an organization's own top N list).
That is a brilliant idea, but how do I get "internal bug emphasis"? The companies in question won't hand over their data just like that. Perhaps a little prodding from someone who is well known and trusted could help here, Mr McGraw, Sir. :-) (Actually, I might get at Microsoft data, if I can make the right pitch.)
To put a slightly finer point on it, I wonder whether the "scatter" you can observe outside of the black box looks completely different than the in-the-box view. In this case, an organization's codebase and dev shop is "the box" and the external bug reports are outside. I have a feeling that it is.
Oh that's a very interesting question. As I said, it's a brilliant idea, and I'd love to see this carried out.
Trento has a special place in my heart as I lived there from 8/93-8/94 and worked at IRST.
That is very cool! Also, you are lucky that you worked at IRST then, because the CS department is constructing a new building that will completely ruin the view across the valley from IRST. I don't think they like us much over there :-)
Say hi to Cognola for me.
Will do, even though I live in Povo myself.[1]

Fun,

Stephan

[1] I was told by one of the professors that before the University came here, Povo was the place "where the weird mountain people live". That would hold double for the people who live across the Fersina, for example in Cognola :-)