Re: [SC-L] SearchSecurity: Badware versus malware

2012-05-12 Thread Gary McGraw
The article does not suggest otherwise.

gem

On 5/11/12 1:51 PM, "Ben Laurie"  wrote:

>On 8 May 2012 07:18, Gary McGraw  wrote:
>> hi sc-l,
>>
>> What's worse, bad software or malicious software?  In fact, what's the
>>difference?
>>
>> My second column for SearchSecurity is all about that.  Read it today.
>>And pass it on.
>> 
>>http://searchsecurity.techtarget.com/opinion/Gary-McGraw-Eliminating-badware-addresses-malware-problem
>>
>> Bottom line: Talking about malware may be more fun and entertaining
>>than talking about endless security bugs, but if we're going to combat
>>malware we have to start with the badware vector.
>
>Fixing badware universally would plug one hole - and it's certainly a
>hole worth plugging. But it won't eliminate malware - it seems it is
>not hard to persuade users to install it for you, for example.
>
>>
>> gem
>>
>> company www.cigital.com
>> podcast www.cigital.com/silverbullet
>> blog www.cigital.com/justiceleague
>> book www.swsec.com
>>
>> ___
>> Secure Coding mailing list (SC-L) SC-L@securecoding.org
>> List information, subscriptions, etc -
>>http://krvw.com/mailman/listinfo/sc-l
>> List charter available at - http://www.securecoding.org/list/charter.php
>> SC-L is hosted and moderated by KRvW Associates, LLC
>>(http://www.KRvW.com)
>> as a free, non-commercial service to the software security community.
>> Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
>> ___




Re: [SC-L] SearchSecurity: Badware versus malware

2012-05-12 Thread Ben Laurie
On 11 May 2012 20:07, Gary McGraw  wrote:
> The article does not suggest otherwise.

Well, it certainly does _suggest_ it: "All of the things that we do to
improve software security are aimed explicitly at the badware
problem."

It doesn't say it, though, I agree.

>
> gem
>
> On 5/11/12 1:51 PM, "Ben Laurie"  wrote:
>
>>On 8 May 2012 07:18, Gary McGraw  wrote:
>>> hi sc-l,
>>>
>>> What's worse, bad software or malicious software?  In fact, what's the
>>>difference?
>>>
>>> My second column for SearchSecurity is all about that.  Read it today.
>>>And pass it on.
>>>
>>>http://searchsecurity.techtarget.com/opinion/Gary-McGraw-Eliminating-badware-addresses-malware-problem
>>>
>>> Bottom line: Talking about malware may be more fun and entertaining
>>>than talking about endless security bugs, but if we're going to combat
>>>malware we have to start with the badware vector.
>>
>>Fixing badware universally would plug one hole - and it's certainly a
>>hole worth plugging. But it won't eliminate malware - it seems it is
>>not hard to persuade users to install it for you, for example.
>>
>>>
>>> gem
>>>
>>> company www.cigital.com
>>> podcast www.cigital.com/silverbullet
>>> blog www.cigital.com/justiceleague
>>> book www.swsec.com
>>>
>
