Writing Secure Code -- Links -- November 14, 2008
By Mark Wilcox - CTO - Oracle Consulting Security-Oracle on Nov 18, 2008
It was a slow week for links, so a little delay. Also trying out a new layout.
This is an interesting article outlining some of the items that have really helped improve security. I don't think I would really quibble too much with the list. Some items are fairly well known such as X.509. Others less-so "The Jericho Forum" (which I think is also the name of the next James Bond movie). But I think the number one take-away from the list is how long things can take from "good idea" to ubiquity. For example X.509 is the #1 item but it took itself almost a decade to become widely used and really wouldn't have happened without SSL/TLS. And we're still constantly fighting rather simple things like certificate management that drive smart IT people batty and average people to give up.
"Evangelizing IT Security: Why is There a Need?"
This is an op-ed discussing why we still need to get the word out on security. And it really comes down to two basic problems - security experts tend to talk in "code" and security problems/solutions are dynamic. So if you are wondering why you should pay attention to security - this is the article to read.