Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Silver Bullet and informIT: Jeremiah Grossman

From: stephencraig.evans at gmail.com (Stephen Craig Evans)
Date: Sat, 29 Nov 2008 18:56:46 +0800
Hi Gary,

I think you were on the right path describing software security and
illustrating the difference between software security and web app
security (even though I don't think it was intentional) when you
talked about Pervasive Computing in a BankInfoSecurity podcast
(starting at 5 min 10 sec). It should have been obvious to me before,
but from that I also picked up on the distinction between applications
that need to connect vs. web apps that connect between the client and
the application itself.

For those interested, the podcast is here:
http://www.bankinfosecurity.com/podcasts.php?podcastID=6 (registration
required)

Stephen

On Sat, Nov 15, 2008 at 12:24 AM, Gary McGraw <gem at cigital.com> wrote:

hi sc-l,

Episode 32 of the Silver Bullet Security Podcast went live last night.  This episode features a chat with Web 
security guru Jeremiah Grossman.  Among other things, we talk about the relationship between Web app security and 
software security:
http://www.cigital.com/silverbullet/

Jeremiah and I cross paths out there on the evangelism circuit pretty often and it was nice to catch up with him.

Near the end of our conversation, we raised the idea of whether all Web security problems have analogs in the 
software security space and what that might mean.  After thinking more about that issue, I made it the subject of 
this month's informIT column:
http://www.informit.com/articles/article.aspx?p=1309290

Please let me know what you think about the role that Web application security plays in software security today (and 
whether you think we focus the right amount of attention, too much, or too little).

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com




_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
Previous By Date Next
Previous By Thread Next

Current thread: