Secure Coding mailing list archives

Re: informIT: Building versus Breaking


From: "Kevin W. Wall" <kevin.w.wall () gmail com>
Date: Sat, 3 Sep 2011 13:22:14 -0400

On Fri, Sep 2, 2011 at 6:19 PM, Chris Schmidt <chrisisbeef () gmail com> wrote:
On Sep 2, 2011, at 10:44 AM, "Goertzel, Karen [USA]" <goertzel_karen () bah com> wrote:

What we need is to start building software that can fight back. Then we
could become part of "cyber warfare" which is much sexier than "software
assurance". :)

Simple. Owasp esapi + owasp appsensor + honeypot = win

I'd still consider that defensive. If you want "cyber warfare" and are willing
to go over to the dark side, you can define your own custom AppSensor response
actions to act offensively. For instance, you could easily try to download
malware to the attacker or mount a DoS attack against them.

Personally, I don't recommend such escalation though, even if it is a
tit-for-tat strategy. Reacting in that manner is likely to make you a
criminal as well.

-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

