On Thu, 8 Mar 2007, Greg Beeley wrote:
> Perhaps one of the issues here is that if you are in operations work
> (network security, etc.), there are more aspects of the CISSP that are
> relevant to your daily work. In software development, there is usually
> just the one - app development sec - t
> [...] I do suspect that some of it is tied to the romance of
> certifications such as CISSP whereby the exams that prove you are a
> security professional talk all about physical security and network
> security but really don't address software development in any meaningful
> way. [...]
Tha
What Garigue was trying to say is that deploying a firewall on a network is
not security's mandate; it is _part of_ running a network. Basic hygiene.
Brushing your teeth is part of having teeth. Deploying anti-virus on a
Windows desktop is not security; it is _part of_ operating a desktop. This
is
On 3/9/07, McGovern, James F (HTSC, IT) <[EMAIL PROTECTED]>
wrote:
Traditionally InfoSec folks defined themselves as being knowledgeable in
firewalls, policies, etc. Lately, many enterprises are starting to recognize
the importance of security within the software development lifecycle where even
some have acknowledged that software is a common problem space for
SC-L,
I'm often asked by folks to compare and contrast some of the various
published software security practices, from Microsoft's SDL and
OWASP's CLASP through Cigital's "Touchpoint" processes. My own view
is that they all offer value and are all worthy of consideration. In
his most re
The right answer is both IMO. You need the thinkers, integrators, and
operators to do it right. The term Security Professional at its basic
level simply denotes someone who works to make things secure.
You can't be secure with only application security any more than you can
be secure with only f
actually just the former. Robert Garigue characterized firewalls, NIDS, et al.
as good network hygiene. The equivalent of a dentist telling you to brush your
teeth. An infosec pro needs much more depth than that. The model is Charlemagne
http://1raindrop.typepad.com/1_raindrop/2007/02/thinking_ab
If you have two individuals, one of which has been practicing secure coding
practices and encouraging others to do so for years while another individual
was involved with firewalls, intrusion detection, information security policies
and so on, are they both information security professionals or
Hopefully lots of the consultants on this list have been wildly successful in
getting Fortune enterprises to embrace secure coding practices. I am curious to
learn of those who have also been successful in getting these same Fortune
enterprises to incorporate the notion of secure coding practice
Greetings SC-Lers,
Sitting here in the DHS Software Assurance forum today, I browsed a
copy of the CrossTalk journal, "The Journal of Defense Software
Engineering". This month's issue is focused on software security,
and there are numerous articles in it that are likely to be of
general