Secure Coding mailing list archives

informIT: Building versus Breaking


From: Gary McGraw <gem () cigital com>
Date: Wed, 31 Aug 2011 10:16:34 -0400

hi sc-l,

I went to Blackhat for the first time ever this year (even though I am basically allergic to Las Vegas), and it got me 
started thinking about building things properly versus breaking things in our field.  Blackhat was mostly about 
breaking stuff of course.  I am not opposed to breaking stuff (see "Exploiting Software" from 2004), but I am worried 
about an overemphasis on breaking stuff.

After a quick and dirty blog entry on the subject 
<http://www.cigital.com/justiceleague/2011/08/09/building-versus-breaking-a-white-hat-goes-to-blackhat/>, I sat down 
and wrote a better article about it:

Software [In]security: Balancing All the Breaking with some Building
http://www.informit.com/articles/article.aspx?p=1750195

I've also had a chat with Adam Shostack (a member of the newly formed Blackhat Advisors) about the possibility of 
adding some building content to Blackhat.  Go Adam!

Do you agree that Blackhat could do with some building content??

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justoceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

