Re: [SC-L] Economics of Software Vulnerabilities

2007-03-19 Thread Steven M. Christey
On Mon, 19 Mar 2007, Crispin Cowan wrote: > Since many users are economically motivated, this may explain why users > don't care much about security :) But... but... but... I understand the sentiment, but there's something missing in it. Namely, that the costs related to security are not reall

Re: [SC-L] How is secure coding sold within enterprises?

2007-03-19 Thread John Steven
Andrew, James, Agreed, Microsoft has put some interesting thoughts out in their SDL book. Companies that produce a software product will find a lot of this approach resonates well. IT shops supporting financial houses will have more difficulty. McGraw wrote a decent blog entry on this top

Re: [SC-L] Economics of Software Vulnerabilities

2007-03-19 Thread Crispin Cowan
Ed Reed wrote: > Crispin Cowan wrote: > >> Crispin, now believes that users are fundamentally what holds back security >> >> > I was once berated on stage by Jamie Lewis for sounding like I was > placing the blame for poor security on customers themselves. > Fight back harder. Jamie i

Re: [SC-L] How is secure coding sold within enterprises?

2007-03-19 Thread Andrew van der Stock
In terms of creating a SDLC, pop out to Borders and get Howard and Lipner's "The Security Development Lifecycle" ISBN 9780735622142 http://www.microsoft.com/mspress/books/8753.aspx It is simply the best text I've read in a long time. You may be interested in the work Mark Curphey et al is doing

Re: [SC-L] Economics of Software Vulnerabilities

2007-03-19 Thread Ed Reed
Crispin Cowan wrote: > Crispin, now believes that users are fundamentally what holds back security > > I was once berated on stage by Jamie Lewis for sounding like I was placing the blame for poor security on customers themselves. I have moved on, and believe, instead, that it is the economic i

Re: [SC-L] Economics of Software Vulnerabilities

2007-03-19 Thread Crispin Cowan
Gary McGraw wrote: > Very interesting. Crispin is in the throes of big software. Anybody want to > help me mount a rescue campaign from jamaica? > It is the art of managing upwards. To get my boss to do what I want him to do, I have to encourage him; I can't just tell him. And his boss. And h

Re: [SC-L] Economics of Software Vulnerabilities

2007-03-19 Thread Crispin Cowan
Gary McGraw wrote: > I'm not sure vista is bombing because of good quality. That certainly would > be ironic. > > Word on the "way down in the guts" street is that vista is too many things > cobbled together into one big kinda functioning mess. I.e. it is mis-featured, and lacks on some inte

Re: [SC-L] How is secure coding sold within enterprises?

2007-03-19 Thread McGovern, James F (HTSC, IT)
I agree with your assessment of how things are sold at a high-level but still struggling in that it takes more than just graphicalizing of your points to sell, hence I am still attempting to figure out a way to get my hands on some PPT that are used internal to enterprises prior to consulting en

Re: [SC-L] Economics of Software Vulnerabilities

2007-03-19 Thread Gary McGraw
Very interesting. Crispin is in the throes of big software. Anybody want to help me mount a rescue campaign from jamaica? gem company www.cigital.com podcast www.cigital.com/silverbullet blog www.cigital.com/justiceleague book www.swsec.com -Original Message- From: Crispin Cowan [

Re: [SC-L] How is secure coding sold within enterprises?

2007-03-19 Thread Andrew van der Stock
There are two major methods: 1. Opportunity cost / competitive advantage (the Microsoft model) 2. Recovery cost reductions (the model used by most financial institutions) Generally, opportunity cost is where an organization can further its goals by a secure business foundation. This requires the

[SC-L] How is secure coding sold within enterprises?

2007-03-19 Thread McGovern, James F (HTSC, IT)
I am attempting to figure out how other Fortune enterprises have gone about selling the need for secure coding practices and can't seem to find the answer I seek. Essentially, I have discovered that one of a few scenarios exists: (a) the leadership chain was highly technical and intuitively unders