Secure Coding mailing list archives
How Can You Tell It Is Written Securely?
From: ljknews at mac.com (ljknews)
Date: Tue, 02 Dec 2008 14:35:34 -0500
At 1:47 PM -0500 12/2/08, Andrew van der Stock wrote:
Hi James,
You're absolutely correct - trying to come up with countermeasures for 730+ issues is crazy. It's much better to have valid controls for the minimum number of things that must be done right, and if they are, then hey presto, attacks using one or more of those 730+ vulnerability classifications either do not work, do no to little damage, and maybe even trigger an intrusion escalation procedure.
Some of the very important control requirements for 800-53, 8500.2 and PCI DSS have to do with Auditing. Even if some irregularity is caused by malfunctioning software rather than by malicious behavior, having auditing enabled is crucial to figuring out what _is_ going on.
-- Larry Kilgallen