[SC-L] Foreword to Chess/West

2007-07-07 Thread Gary McGraw
Hi sc-l,

I posted the foreword that I wrote for Secure Programming with Static 
Analysis on the justiceleague blog today.  Check it out:

http://www.cigital.com/justiceleague/2007/07/06/from-the-foreword-to-secure-programming-with-static-analysis/

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___


[SC-L] Video: security, software, software security

2007-07-07 Thread Gary McGraw
Hi sc-l,

Addison-Wesley's parent company Pearson debuted a vodcast series recently.  One 
day they plan to have a website of their own (don't ask), but for now the 
series can be found on iTunes.  For those three of you who don't use iTunes, I 
apologize.

Of interest to sc-l subscribers, the series includes a video about Exploiting 
Online Games (releasing next week):
http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=257338614s=143441i=17074019

And a video about Secure Programming with Static Analysis
http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=257763157s=143441i=17074030

Hope you enjoy the series.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com



[SC-L] Metricon 2.0

2007-07-07 Thread Gunnar Peterson
SC-Lers,

There are several presentations at Metricon by or of interest to SC-L
denizens.

-gp

The agenda for Metricon 2.0 in Boston on August 7th has been set. Metricon is
co-located with the Usenix security conference. The details, travel info,
registration, and agenda are here:

https://www.securitymetrics.org/content/Wiki.jsp?page=Metricon2.0

There are a limited number of openings so please REGISTER SOON if interested
in attending.
 
A summary of the presentations

Keynote Debate: "Do Metrics Matter?" Andrew Jaquith (Yankee Group)  Mike
Rothman (SecurityIncite)

Security Meta Metrics--Measuring Agility, Learning, and Unintended
Consequence Russell Cameron Thomas (Meritology)

Security Metrics in Practice: Development of a Security Metric System to
Rate Enterprise Software Fredrick DeQuan Lee and Brian Chess (Fortify)

A Software Security Risk Classification System  Eric Dalci and Robert
Hines (Cigital) 

Web Application Security Metrics Jeremiah Grossman (WhiteHat Security)

Operational Security Risk Metrics: Definitions, Calculations, and
Visualizations, Brian Laing, Mike Lloyd, and Alain Mayer (Redseal Systems)

Metrics for Network Security Using Attack Graphs: A Position Paper, Anoop
Singhal (NIST), Lingyu Wang and Sushil Jajodia (Center for Secure Information
Systems, George Mason University)

Software Security Weakness Scoring Chris Wysopal (Veracode)

Developing secure applications with metrics in mind
Thomas Heyman, Christophe Huygens, and Wouter Joosen (K.U.Leuven)

Correlating Automated Static Analysis Alert Density to Reported
Vulnerabilities in Sendmail
Michael Gegick and Laurie Williams (North Carolina State University)

Practitioner Panel moderated by Becky Bace: Three practitioners from thought
leading companies describe how they use metrics to make better decisions.

If you know others that would be interested in this collaborative workshop,
please forward them this email and let them know about this opportunity.

Please contact us with any questions.

Thanks,
Betsy Nichols and Gunnar Peterson
Metricon 2.0 Co-Chairs


