Greetings all,
FYI, it looks like we're at the beginning of a new wave of software security
tools. There's a few commercial products beginning to hit the market that
take static src code scanning to a new level. See the link below for a
LinuxWorld article that briefly (!) describes @stake's
Greetings,
Almost missed this one while I was out of the office for a couple days...
Microsoft have announced the free availability of a threat modeling tool by
Frank Swiderski, who is also writing a soon-to-be released book on threat
modeling. Details on the tool (warning: requires .NET
Anyone looking for a great introduction to putting the principle of least
privilege into action, check out David Wheeler's article at:
http://www-106.ibm.com/developerworks/linux/library/l-sppriv.html?ca=dgr-lnxw04Privileges
It cites one of my favorite examples of least privilege, Wietse
