Secure Coding mailing list archives

Contents of SC-L digest..


From: jgrembi at gmail.com (Jason Grembi)
Date: Thu, 15 Jan 2009 15:47:35 -0500

I just wanted to chime in with my two cents on the top N list.

I have witnessed (and developed) secure programs that were built to defend
against attacks identified in secure requirements (i.e. data validation and data
transformation). But the one vulnerability that keeps popping up is weak
authentication. Most business apps rely on (and can only afford) the most
basic use of authentication: username and password.



I would like to see the basic use of one-tier authentication on a Bug
Parade list. It is by design a weak link, and I think the business community
needs to understand that a stronger authentication policy is just as
important as data validation.



I agree with GEM when he wrote that executives don't care about technical
bugs, but a Bug Parade list does help highlight the usual list of suspects
that need to be dealt with. Thus it justifies the additional spending on
secure design and development.



Jason Grembi
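Editor's added example (not part of Jason's post, and not code from any product he mentions): the contrast between the "one-tier" username/password check he describes and a two-factor check. Password verification uses salted PBKDF2-HMAC-SHA256; the second factor is an RFC 6238 TOTP (the HMAC-SHA1 form used by common authenticator apps). The user store, the user name "alice", the passphrase and the TOTP secret are constructed here for illustration; the TOTP secret is the RFC 6238 test-vector key so the codes can be checked against the RFC.

```python
import hashlib
import hmac
import os
import struct

# Constructed parameters for the example; iteration count is in the range
# OWASP recommends for PBKDF2-HMAC-SHA256 at the time of writing.
PBKDF2_ITERATIONS = 600_000
TOTP_STEP_SECONDS = 30
TOTP_DIGITS = 6


def hash_password(password, salt=None):
    """Return (salt, digest) for a password; a fresh random salt if none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected_digest):
    """First factor: constant-time comparison of the recomputed PBKDF2 digest."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected_digest)


def totp(secret, unix_time, step=TOTP_STEP_SECONDS, digits=TOTP_DIGITS):
    """RFC 6238 TOTP: HOTP (RFC 4226) over the time-step counter, HMAC-SHA1."""
    counter = struct.pack(">Q", unix_time // step)          # 8-byte big-endian counter
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                 # dynamic truncation
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def verify_totp(secret, code, unix_time, window=1):
    """Second factor: accept the current step or one step either side for clock drift."""
    accepted = False
    for drift in range(-window, window + 1):
        candidate = totp(secret, unix_time + drift * TOTP_STEP_SECONDS)
        # Compare as bytes so a non-ASCII submitted code cannot raise instead of failing.
        if hmac.compare_digest(candidate.encode("utf-8"), code.encode("utf-8")):
            accepted = True
    return accepted


def make_user(password, totp_secret):
    """Constructed user record: salted password hash plus the enrolled TOTP secret."""
    salt, digest = hash_password(password)
    return {"salt": salt, "hash": digest, "totp_secret": totp_secret}


# Dummy credentials checked for unknown user names, so that a login attempt
# against a non-existent account costs the same PBKDF2 work as a real one.
_DUMMY_SALT = b"\x00" * 16
_DUMMY_HASH = hash_password("dummy-password-for-timing", _DUMMY_SALT)[1]


def authenticate(users, username, password, code, unix_time):
    """Two-tier login: both the password and the TOTP code must verify.

    Both factors are always evaluated (no short-circuit) and a single boolean is
    returned, so the response does not reveal which factor failed.
    """
    record = users.get(username)
    if record is None:
        verify_password(password, _DUMMY_SALT, _DUMMY_HASH)
        return False
    password_ok = verify_password(password, record["salt"], record["hash"])
    code_ok = verify_totp(record["totp_secret"], code, unix_time)
    return password_ok and code_ok


if __name__ == "__main__":
    # Constructed sample: the RFC 6238 test-vector secret as alice's enrolled key.
    secret = b"12345678901234567890"
    users = {"alice": make_user("correct horse battery staple", secret)}
    now = 1234567890
    print("password only would pass:", verify_password(
        "correct horse battery staple", users["alice"]["salt"], users["alice"]["hash"]))
    print("two-factor login:", authenticate(users, "alice", "correct horse battery staple",
                                            totp(secret, now), now))
```

The point the example makes against a password-only check: a leaked or guessed password alone no longer yields a session, because `authenticate` requires the time-based code derived from a secret that never crosses the wire. The TOTP secret must of course be stored with the same care as the password hash store, and a drift window wider than one step weakens the code's freshness.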



