Thursday, July 05, 2007

 

More Links for 2007-07-05



  • Tax Avoidance Schemes by the Offshoring Outsourcers
    Most bloggers will exercise their right to remain silent on such issues...

  • Spam PDFs
    Security experts are warning email recipients of an emerging spam technique that for the first time is attaching PDF files to emails in a new attempt to dodge spam filters. Spammers are switching from image spam to PDF spam, which I find amusing.

  • Hackers getting more personal
    Spam is now being targeted at company executives. I suspect that the success rate of targeting technical attacks at non-technical executives is higher than the success rate for targeting spam at the general population.

  • The Case of Insecure Security Software
    Why do IT executives and enterprise architects allow this sort of thing to happen?

  • Applications should use several languages
    I wonder if Dean Wampler thinks that developing an application in multiple languages, especially when outsourced to India, will be successful. Most folks in India are struggling to master one language, and throwing two will accelerate the time to failure, which I think aligns with agile principles of failing fast.

  • Open Source PKI Book
    I highly encourage others to read and include in their links.

  • Banning programming languages to fix problems?
    Some languages suffer from security issues more than others. This blogger calls for a ban on C, C++ and Smalltalk, with which I concur.

  • Rich domain model stuck in legacy system
    Ed Gibbs talks about a problem that no software vendor has solved for. Think about how many enterprise architects have thought about getting domain knowledge out of legacy COBOL systems and given up? Instead they are forced to use SOA as a wrapper around legacy systems without figuring out the notion of business architecture, resulting in long-term SOA junk drawer architectures.

  • OWASP Top 10 Web Application Vulnerabilities
    I bet you don't know how many of these vulnerabilities exist in Intalio, Hyperic, LogLogic, Zimbra and SugarCRM? The number ain't zero.

  • Oracle Database Security
    Database breach exposes the purchasers of sex lubricant. I wonder how many of them are bloggers that have trackbacked to my own blog?

  • Application security, the process
    Folks in the blogosphere really need to stop encouraging using process as a substitute for competence. For example, the notion of secure design where folks review architectures is good, but if they don't know what they are looking for then it is all ceremony. Maybe you guys could help encourage Gary McGraw of Cigital to write another book on this topic?






