Secure Coding mailing list archives

BSI: IEEE article on seven pernicious kingdoms


From: gem at cigital.com (Gary McGraw)
Date: Wed, 30 Nov 2005 09:44:00 -0500

Hi all,

It has been some time since I announced an installment of "Building
Security In" in IEEE Security & Privacy magazine.  I have been busy
writing a new book called "Software Security" to be released in
February.  The book is based on the idea of the touchpoints first
introduced and discussed in the BSI series.  You can find copies of the
BSI articles here <http://www.cigital.com/resources/gem/>.  The most
recent article "Seven Pernicious Kingdoms: A Taxonomy of Software
Security Errors" was co-authored with Katrina Tsipenyuk and Brian Chess.
It is about how to classify and categorize security bugs. A complete
list of the articles is pasted below.

I am sure many of you already subscribe to S&P.  If you don't yet, you
should...check out <http://www.computer.org/security/>.  Note that you
can subscribe for $29 even without being an IEEE member
<https://newton.computer.org/sssubs.nsf/application?openform&code=sp>.
BTW, the lead story in the new issue is covered by the NY Times today
(FBI wiretapping hack).

In related news, I am pleased to announce the existence of the
Addison-Wesley Software Security Series which I will edit.  More on that
later.  In the meantime, if you're interested in writing an in-depth
technical book about software security, please let me know.

gem

Gary McGraw, Ph.D.
CTO, Cigital
http://www.cigital.com

The S&P Building Security In series

Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors
(November/December 2005)
Bridging the Gap Between Software Development and Information Security
(September/October 2005)
A Portal for Software Security (July/August 2005)
Adopting a Software Security Improvement Program (May/June 2005)
Knowledge for Software Security (March/April 2005)
Software Penetration Testing (January/February 2005)
Static Analysis for Security (November/December 2004)
Software Security Testing (September/October 2004)
Risk Analysis in Software Design (July/August 2004)
Misuse and Abuse Cases: Getting Past the Positive (May/June 2004)
Software Security (March/April 2004)
