Hi SC-L folks,
Ken van Wyk and I (we wrote “Secure Coding”, in 2003) are working on a new
book. It’s about how software developers and enterprise security specialists
can work together to help make a business safer.
The project is not moving fast enough for us, so we’d like to take on one or

Fascinating and heartening development. Raises a couple of questions in my
mind.
1. Why now? Many worthies, myself included during my years at Sun, have been
crying for years/decades *from within the software industry* for just such a
shift. So what has changed? Ken and I outlined in "Secure C

There's another point to consider, when talking about whether True Security
is Possible. And I have to say I've never been happy with the forms I've
found so far to express it...
Security, in many cases, decays. It's like what we used to call, in the Old
Days, "bit rot". Software that has "work

Gary McGraw said:
> Ed Felten and I found out early on (back in 1996) that you can use the
> press as a lever to get companies to do the right thing. We learned
> this when releasing the very first Java Security hole. We found out
> that Sun paid much more attention once USA Today picked up the