Secure Coding mailing list archives
Re: SearchSecurity: Badware versus malware
From: Ben Laurie <benl () google com>
Date: Fri, 11 May 2012 20:39:47 +0100
On 11 May 2012 20:07, Gary McGraw <gem () cigital com> wrote:
The article does not suggest otherwise.
Well, it certainly does _suggest_ it: "All of the things that we do to improve software security are aimed explicitly at the badware problem." It doesn't say it, though, I agree.
gem On 5/11/12 1:51 PM, "Ben Laurie" <benl () google com> wrote:On 8 May 2012 07:18, Gary McGraw <gem () cigital com> wrote:hi sc-l, What¹s worse, bad software or malicious software? In fact, what¹s the difference? My second column for SearchSecurity is all about that. Read it today. And pass it on. http://searchsecurity.techtarget.com/opinion/Gary-McGraw-Eliminating-badw are-addresses-malware-problem Bottom line: Talking about malware may be more fun and entertaining than talking about endless security bugs, but if we¹re going to combat malware we have to start with the badware vector.Fixing badware universally would plug one hole - and it's certainly a hole worth plugging. But it won't eliminate malware - it seems it is not hard to persuade users to install it for you, for example.gem company www.cigital.com podcast www.cigital.com/silverbullet blog www.cigital.com/justiceleague book www.swsec.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
_______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
Current thread:
- SearchSecurity: Badware versus malware Gary McGraw (May 08)
- Re: SearchSecurity: Badware versus malware Ben Laurie (May 11)
- Re: SearchSecurity: Badware versus malware Gary McGraw (May 12)
- Re: SearchSecurity: Badware versus malware Ben Laurie (May 12)
- Re: SearchSecurity: Badware versus malware Tom Brennan (May 13)
- Re: SearchSecurity: Badware versus malware Gary McGraw (May 12)
- Re: SearchSecurity: Badware versus malware Ben Laurie (May 11)
- <Possible follow-ups>
- Re: SearchSecurity: Badware versus malware Peter G. Neumann (May 10)
- Re: SearchSecurity: Badware versus malware Goertzel, Karen [USA] (May 11)