Re: informIT: Building versus Breaking

[Chris Schmidt <chrisisbeef () gmail com>]

Simple. Owasp esapi + owasp appsensor + honeypot = win

Sent from my iPwn

On Sep 2, 2011, at 10:44 AM, "Goertzel, Karen [USA]" <goertzel_karen () bah com> wrote:

> What we need is to start building software that can fight back. Then we could become part of "cyber warfare" which is 
> much sexier than "software assurance". :)
>
> ===
> Karen Mercedes Goertzel, CISSP
> Booz Allen Hamilton
> 703.698.7454
> goertzel_karen () bah com
>
> Sorry, you have reached an imaginary number. 
> If you require a real number, please rotate 
> your phone by ninety degrees and try again.
> From: sc-l-bounces () securecoding org [sc-l-bounces () securecoding org] on behalf of Rafal [rafal () ishackingyou 
> com]
> Sent: 01 September 2011 22:59
> To: coley () linus mitre org; shadown () gmail com
> Cc: adam () homeport org; sc-l () securecoding org
> Subject: Re: [SC-L] informIT: Building versus Breaking
>
> Steve,
>   I think that the problem we have here is classic - defense isnta sexy. I think you could get DHS to sponsor one 
> maybe? I think between some government funds, and some vendor support you'd be OK on costs, but the larger question 
> of whether people would come... only time would tell.
>
>
>
>
> Rafal Los - Security & Intelligence |  Voice/Text: (765) 247-2325  | Twitter: @RafalLos
>
> "Steven M. Christey" <coley () linus mitre org> wrote:
>
> While I'd like to see Black Hat add some more defensive-minded tracks, I 
> just realized that this desire might a symptom of a larger problem: there 
> aren't really any large-scale conferences dedicated to defense / software 
> assurance.  (The OWASP conferences are heavily web-focused; Dept. of 
> Homeland Security has its software assurance forum and working groups, but 
> those are relatively small.)
>
> If somebody built it, would anybody come?
>
> - Steve
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L () securecoding org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
> _______________________________________________
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L () securecoding org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
> _______________________________________________
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________