Re: [External] Firewalls, Fairy Dust, and Forensics

[Gary McGraw <gem () cigital com>]

hi karen,

Good point, and one that I usually make!  I agree.

gem

On 4/1/14, 9:16 AM, "Goertzel, Karen [USA]" <goertzel_karen () bah com> wrote:

> The one point that's missing from the article is to remind people: What
> the heck do you think firewalls are made of? Software! So unless a
> software manufacturer has got "software security religion", their product
> is just as likely to be "broken" inside than the things it allegedly
> protects. 
>
> ===
> Karen Mercedes Goertzel, CISSP
> Lead Associate
> Booz Allen Hamilton
> 703.698.7454
> goertzel_karen () bah com
>
> "I love humans. Always seeing patterns in things that aren't there."
> - The Doctor
>
> ________________________________________
> From: SC-L [sc-l-bounces () securecoding org] on behalf of Gary McGraw
> [gem () cigital com]
> Sent: 31 March 2014 18:40
> To: Secure Code Mailing List
> Subject: [External]  [SC-L] Firewalls, Fairy Dust, and Forensics
>
> hi sc-l,
>
> Ever get discouraged that we have not been making enough progress in
> software security?  Well, we have been making plenty of progress and our
> field is growing fast!   This peppy little article (co-authored with
> Sammy Migues) explains why firewalls, fairy dust, and forensics are not
> working out for computer security.
>
> Oh, and software security is growing at 20% CAGR and now accounts for 10%
> of the computer security market (which is itself growing at 8.9%).  We
> are in the right field, and the this mailing list is a major help.
>
> Please read this: 
> http://searchsecurity.techtarget.com/opinion/McGraw-Firewalls-fairy-dust-a
> nd-forensics-Try-software-security  Then have your SSG members read it.
> You do have an SSG, right?
>
> Feel free to post links to twitter, facebook, linkedin, and send it
> around (by pointer).  I would really appreciate that.
>
> Thanks!
>
> gem
>
> company www.cigital.com
> podcast www.cigital.com/silverbullet
> blog www.cigital.com/justiceleague
> book www.swsec.com
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L () securecoding org
> List information, subscriptions, etc -
> http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
> _______________________________________________


_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________