Secure Coding mailing list archives

Software security video podcast


From: jms at bughunter.ca (J.M. Seitz)
Date: Thu, 18 Oct 2007 14:40:33 -0700

Software security can be tricky when it comes to requirements, 
mostly because customers and consumers don't explicitly demand
security, rather they implicitly expect it.

Wait a second here, don't customers also implicitly expect that the
software is going to run? I mean I haven't seen a requirements document
_ever_ that has said "The software must start.". They just implicitly
expect that it's going to do that.

Doesn't seem like a big surprise that most customers will _expect_ that
"Hey, I don't want this software pwnable after you're done with it."

Not sure where the trickiness you are referring to comes from?

JS

ps. Didn't AW publish your book(s)? :) I would be real surprised
[turning on Tom Ptacek's snarky bit] if there's any mention of them.