Good day,

In my experience auditing SDLCs of various companies, there are three
common general steps and their relevant perspectives:

1. Make it work (Functional)
2. Make it fast (Performance)
3. Make it secure (Security)

Most of them do not reach number 3. One thing I've noted, though, is
the absence of formal security or control objectives in their SDLC
process that their application must meet in order to give reasonable
assurance that they have integrated security and application controls
that mitigate most security risks.

Cris Masancay

On Feb 11, 2008 7:02 PM, manny <[EMAIL PROTECTED]> wrote:
> Built-In Security
> February 11th, 2008 by Maddog
>
> Larry Dignan posed a very good question as the title of one of his posts:
> "Why is security usually an afterthought?" In his post he writes:
>
>     Simply put, security would be a lot better if companies gave
>     just a smidge of forethought to vulnerabilities. Sure there are
>     a few bright spots -- I thought MySpace's move to put its third
>     party apps through some security testing before unleashing them
>     to users was a great idea. But far too often I'm wondering why
>     security isn't at least thought about a bit before we move on to
>     the latest and greatest thing.
>
> We've been asking the same question too.
>
> Read the entire post at:
> http://www.infoweapons.com/blog/?p=117
>
> ---
> Root Servers Get More IPv6 Addresses
> February 5th, 2008 by Maddog
>
> The Internet Assigned Numbers Authority (IANA) has retrofitted some of the
> root servers with IPv6 capabilities. This was announced in "IPv6
> Addresses for the Root Servers", as follows:
>
>     On or about 4 February 2008, for the first time AAAA records
>     for some of the authoritative name servers for the DNS root
>     zone will be introduced. These records will provide for access
>     to the root servers over IPv6 transport, and will be implemented
>     in both the root zone data, and the root hints file. We are
>     providing this advanced notification in case unexpected network
>     events occur that might be related to this change.
>
> Read this entire post:
> http://www.infoweapons.com/blog/?p=116
>
> -- Freedom consists not in doing what we like, but in having the right to
> do what we ought. -- Pope John Paul II
>
> --[Manny [EMAIL PROTECTED]
>        Alternative Information and Opinion at http://www.phnix.net
>                Advocacy blog: http://mamador.wordpress.com
>             Personal website: http://mannyamador.multiply.com
> --[Pro-Life Philippines]-------------------[http://www.prolife.org.ph]--
> _________________________________________________
> Philippine Linux Users' Group (PLUG) Mailing List
> [email protected] (#PLUG @ irc.free.net.ph)
> Read the Guidelines: http://linux.org.ph/lists
> Searchable Archives: http://archives.free.net.ph
>



-- 
Christian Masancay