I read the paper, and found it interesting. I read the statistic "50 percent of security problems are the result of design flaws". Where does that number come from? Experience?
I also liked the statement, "few traditional methodologies adequately address the contextual variability of risk given changes in the core environment. This is a fatal flaw when considering highly distributed applications or Web services". Although we can teach people to write more secure code, people must configure their systems securely.

- Jared

On Fri, Jul 02, 2004 at 04:00:47PM -0400, Gary McGraw wrote:
> Hi all,
>
> The third article in my IEEE Security & Privacy magazine series called
> "Building Security In" is on Risk Analysis in Software Design. This
> article was co-authored by Denis Verdon of Fidelity National. As a
> service to the community, we're making advance copies available here:
>
> http://www.cigital.com/papers/download/risk-analysis.pdf
>
> I am sure many of you already subscribe to S&P. If you don't yet, you
> should...check out http://www.computer.org/security/.
>
> gem
