Secure Coding mailing list archives
Re: SearchSecurity: Badware versus malware
From: Tom Brennan <tomb () owasp org>
Date: Sat, 12 May 2012 18:25:46 -0400
OWASP Has started month awareness proble/solution see updated: http://www.owasp.com Point you ask...... As a united community we raise visibility for the problem that results in a ecosystem - lets make noise about it together, monthly and globally from the builder / breaker & defender perspectives On May 11, 2012, at 3:39 PM, Ben Laurie <benl () google com> wrote:
On 11 May 2012 20:07, Gary McGraw <gem () cigital com> wrote:The article does not suggest otherwise.Well, it certainly does _suggest_ it: "All of the things that we do to improve software security are aimed explicitly at the badware problem." It doesn't say it, though, I agree.gem On 5/11/12 1:51 PM, "Ben Laurie" <benl () google com> wrote:On 8 May 2012 07:18, Gary McGraw <gem () cigital com> wrote:hi sc-l, What¹s worse, bad software or malicious software? In fact, what¹s the difference? My second column for SearchSecurity is all about that. Read it today. And pass it on. http://searchsecurity.techtarget.com/opinion/Gary-McGraw-Eliminating-badw are-addresses-malware-problem Bottom line: Talking about malware may be more fun and entertaining than talking about endless security bugs, but if we¹re going to combat malware we have to start with the badware vector.Fixing badware universally would plug one hole - and it's certainly a hole worth plugging. But it won't eliminate malware - it seems it is not hard to persuade users to install it for you, for example.gem company www.cigital.com podcast www.cigital.com/silverbullet blog www.cigital.com/justiceleague book www.swsec.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates ______________________________________________________________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
_______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
Current thread:
- SearchSecurity: Badware versus malware Gary McGraw (May 08)
- Re: SearchSecurity: Badware versus malware Ben Laurie (May 11)
- Re: SearchSecurity: Badware versus malware Gary McGraw (May 12)
- Re: SearchSecurity: Badware versus malware Ben Laurie (May 12)
- Re: SearchSecurity: Badware versus malware Tom Brennan (May 13)
- Re: SearchSecurity: Badware versus malware Gary McGraw (May 12)
- Re: SearchSecurity: Badware versus malware Ben Laurie (May 11)
- <Possible follow-ups>
- Re: SearchSecurity: Badware versus malware Peter G. Neumann (May 10)
- Re: SearchSecurity: Badware versus malware Goertzel, Karen [USA] (May 11)