[Owasp-leaders] Fwd: 2012 Rugged Summit

Dennis Groves dennis.groves at owasp.org
Tue Sep 4 12:06:09 UTC 2012


Feedback???

But this is not the developers' fault, nor responsibility...

Three patterns:

Vulnerabilities run right through the entire delivery stack!  Writing
better apps is not going to make poorly designed stateless protocols
safer! (Just one of hundreds of examples...)

Developers are not stupid - they are delivering exactly what they are asked
to deliver: feature, feature, feature... If developers were giving business
anything other than what they were asked for they would be fired!

Entropy: it's the law.  Software is written to meet the business
requirements today, but change happens; and the software decays. So even if
one were to write secure software today, tomorrow it will not be.



Dennis

FWIW, I love the rugged software concept! I wrote my masters thesis on
'security stories' two years ago and have been using this idea for about
four years now...  I just have questions that remain in my head despite
my project successes - issues that I think also have to be overcome...


On Tue, Sep 4, 2012 at 2:02 AM, Jerry Hoff <jerry at owasp.org> wrote:

> Hi Dennis,
>
> In my experience, it's that the vast number of organizations are doing *little
> to nothing* to improve security within their development shops.  It's not
> that we are doing the wrong things, it's that we are not doing anything.
>
> Jerry
>
>
> On 9/3/12 8:00 PM, Dennis Groves wrote:
>
> Well Said!
>
> On Sat, Sep 1, 2012 at 10:15 PM, Jerry Hoff <jerry at owasp.org> wrote:
>
>> "We have no proof that any of the things that we recommend in this
>> handbook will work. Of course, nobody has any proof that what anyone is
>> currently doing works either. *What we do know is that we need to try new
>> approaches*, for it is certain that the problem is scaling up much faster
>> than our ability to apply our current techniques."
>>
>
> And we know this because on the whole shit is still broken, despite all
> the things tried over the last couple of decades and things are still
> broken...if not more broken than ever...
>
>
-- 
Dennis Groves <http://about.me/dennis.groves>, MSc
dennis.groves at owasp.org

 <http://www.owasp.org/>

*This work is licensed under the Creative Commons
Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of
this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or
send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain
View, California, 94041, USA.*
