Secure Coding mailing list archives

How Can You Tell It Is Written Securely?


From: ljknews at mac.com (ljknews)
Date: Tue, 02 Dec 2008 14:35:34 -0500

At 1:47 PM -0500 12/2/08, Andrew van der Stock wrote:

> Hi James,
>
> You're absolutely correct - trying to come up with countermeasures for
> 730+ issues is crazy. It's much better to have valid controls for the
> minimum number of things that must be done right, and if they are,
> then hey presto, attacks using one or more of those 730+ vulnerability
> classifications either do not work, do no-to-little damage, and maybe
> even trigger an intrusion escalation procedure.

Some of the very important control requirements for 800-53,
8500.2 and PCI DSS have to do with Auditing.  Even if some
irregularity is caused by malfunctioning software rather
than by malicious behavior, having auditing enabled is
crucial to figuring out what _is_ going on.
-- 
Larry Kilgallen
