[SC-L] BSIMM update (informIT)
Gary McGraw
gem at cigital.com
Thu Jan 28 10:34:30 EST 2010
hi sc-l,
David Rice (author of Geekonomics) is chairing the SANS software security summit in San Francisco next week. As part of the publicity leading up to that event we did a webcast last Friday. For those of you who were not able to attend the webcast, we captured the audio and video and are hosting that here:
http://www.cigital.com/justiceleague/2010/01/28/bsimm-update/
Among other things, David and I discussed the difference between descriptive models like BSIMM and prescriptive models which purport to tell you what you should do. I just wrote an article about that for informIT. The title is
"Cargo Cult Computer Security: Why we need more description and less prescription."
http://www.informit.com/articles/article.aspx?p=1562220
Hope to see some of you in San Francisco.
gem
company www.cigital.com
podcast www.cigital.com/silverbullet
book www.swsec.com