Feeds:
Posts
Comments

Posts Tagged ‘Adam Shostack’

Michal Zalewski, a security researcher at Google, recently wrote a guest editorial for ZDNet entitled “Security Engineering: Broken Promises”. The article lays out a series of issues with the security industry, specifically looking at an inability to provide any suitable frameworks for software assurance or code security.

We have in essence completely failed to come up with even the most rudimentary, usable frameworks for understanding and assessing the security of modern software; and spare for several brilliant treatises and limited-scale experiments, we do not even have any real-world success stories to share. The focus is almost exclusively on reactive, secondary security measures: vulnerability management, malware and attack detection, sandboxing, and so forth; and perhaps on selectively pointing out flaws in somebody else’s code. The frustrating, jealously guarded secret is that when it comes to actually enabling others to develop secure systems, we deliver far less value than could be expected.

(more…)

Read Full Post »

btp2

Not too long ago I embarked on a creating a podcast series that would provide more regularity than the blog. Beyond the Perimeter has been a tremendous amount of fun and as we just posted our 50th podcast I wanted to reflect on some of the highlights and wonderful guests we have been honored to have joined us.

Beyond the Perimeter iTunes subscription

Beyond the Perimeter Direct XML Feed

(more…)

Read Full Post »

Follow

Get every new post delivered to your Inbox.

Join 41 other followers