Secure Coding mailing list archives
Re: Microsoft SDL report card
From: Andy Steingruebl <steingra () gmail com>
Date: Mon, 18 Apr 2011 10:46:06 -0700
On Fri, Apr 15, 2011 at 7:33 AM, Ben Laurie <benl () google com> wrote:
Which is why I am interested in and devoting most of my time now to capability systems.
Ben, Is your work focused on the technical bits of this, or the human interaction pieces? Seems to me that much of the work on technical implementations of capabilities, fine-grained permissions, MAC, etc. have been worked out repeatedly over time and we've never come up with very usable systems. Or ones that stay usable over time.... Try setting the permissions for an application when you install it, or figure out whether it is asking for more permissions than it really needs, etc? Thoughts? - Andy _______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
Current thread:
- Re: Microsoft SDL report card Steven M. Christey (Apr 01)
- <Possible follow-ups>
- Re: Microsoft SDL report card Gary McGraw (Apr 04)
- Re: Microsoft SDL report card Ben Laurie (Apr 05)
- Re: Microsoft SDL report card Gary McGraw (Apr 05)
- Re: Microsoft SDL report card Kevin W. Wall (Apr 05)
- Re: Microsoft SDL report card Ben Laurie (Apr 17)
- Re: Microsoft SDL report card Andy Steingruebl (Apr 18)
- Re: Microsoft SDL report card Ben Laurie (May 03)
- Re: Microsoft SDL report card Gunnar Peterson (May 03)
- Re: Microsoft SDL report card iarce (May 05)
- Re: Microsoft SDL report card Steven M. Christey (May 06)
- Re: Microsoft SDL report card Ben Laurie (Apr 05)