[SC-L] The problem with (Java's) Security Policy (Was: Unclassified NSA document on .NET 2.0 Framework Security)

2008-11-25 Thread John Wilander
and release version 1.3.1. Guys, we need to start all over again with the policy. Anyone up for it? If I'm totally wrong please tell me what to do. I'd really like to deploy maintainable security policies. Mark Petrovic has written some good things on this issue (http://www.onjava.com

[SC-L] OWASP AppSec Research 2010 - Call for Papers

2009-06-24 Thread John Wilander
hns, University of Passau • Christoph Kern, Google • Sergio Maffeis, Imperial College London Organizing Committee • John Wilander, chapter leader Sweden (chair) • Mattias Bergling (vice chair) • Alan Davidson, Stockholm University/Royal Institute of Technology (co-host) • Ulf Munkeda

[SC-L] CFP: OWASP AppSec Research 2010 (Stockholm, Sweden)

2009-11-30 Thread John Wilander
any questions regarding submissions etc, please email john.wilan...@owasp.org. * IMPORTANT DATES * Submission deadline: February 7th 23:59 (Apia, Samoa time). Decision notification: April 7th Conference: June 21st - 24th * PROGRAM COMMITTEE * • John Wilander, Omegapoint and Linköping University

[SC-L] Official OWASP Summit Challenge

2011-01-23 Thread John Wilander
there. The authors of (my) favorite appsec books will be there. Best thing of all? You are most welcome to join! http://www.owasp.org/index.php/OWASP_Summit_2011 Get going with the Challenge – http://makeXORbreak.com Best regards, John Wilander -- John Wilander, https://twitter.com/johnwiland

Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread John Wilander
A positive side effect of many vendors being US-based is that the US market takes most of the buzzword marketing hit. :) On a more serious note, I think there really are APTs out there, state-driven and all. The problem is when organizations use the term to get away with sub-standard security o

Re: [SC-L] bumper sticker slogan for secure software

2006-07-21 Thread John Wilander
eds a "necessarily" to be more precise. But it's short and does the trick for me---it separates adding security functions from trying to secure all functions in the system (during all phases). Regards, John ____ John Wilander, PhD Student Computer and Info

[SC-L] Web Services vs. Minimizing Attack Surface

2006-08-15 Thread John Wilander
all about exposing functionality to offer interoperability. Have any of you had discussions on the seemingly obvious conflict between these things? I would be very happy to hear your conclusions and opinions! Regards, John John Wilander, PhD student Computer

Re: [SC-L] Web Services vs. Minimizing Attack Surface

2006-08-16 Thread John Wilander
dating SOAP envelopes and prevention at the application/run-time system level. It seems to me like a huge burden. Regards, John John Wilander, PhD student Computer and Information Sc. Linkoping University, Sweden http://www.ida.liu.se/~johwi __