Secure Coding mailing list archives

BSIMM update (informIT)


From: gem at cigital.com (Gary McGraw)
Date: Thu, 28 Jan 2010 10:34:30 -0500

hi sc-l,

David Rice (author of Geekonomics) is chairing the SANS software security summit in San Francisco next week.  As part 
of the publicity leading up to that event we did a webcast last Friday.  For those of you who were not able to attend 
the webcast, we captured the audio and video and are hosting that here:

http://www.cigital.com/justiceleague/2010/01/28/bsimm-update/

Among other things, David and I discussed the difference between descriptive models like BSIMM and prescriptive models 
which purport to tell you what you should do.  I just wrote an article about that for informIT.  The title is

"Cargo Cult Computer Security: Why we need more description and less prescription."
http://www.informit.com/articles/article.aspx?p=1562220

Hope to see some of you in San Francisco.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
book www.swsec.com


