Thursday, December 06, 2007
Links for 2007-12-06
Finally, Gartner has a strong call to action. Now if only they did the same thing regarding secure coding.
Brad Turner shares insights on both of these great technologies. I wonder if he has ever talked with Jackson Shaw and shared thinking on what Web Access Management vendors should do in order to integrate with both ADFS and CardSpace?
It is final and available for review. I hope that 2.1 will figure out how to converge OpenID and XACML...
If security is common sense, how come most folks ignore it?
Penetration-testing is the art of finding vulnerabilities in software. But what kind of an “art” is it? Is there any science to it? Is pen-testing the “only” way or the “best” way to find vulnerabilities in software?
Don’t be afraid of challenging the status quo. True excellence as a security executive and leader demands you are willing to think differently. Dare to think big and differently!
Are you a participant?
For most of us here, we are looking to hack and crack systems. But spare a thought for those poor souls who have to try to ensure their code stands up to the hack attack. And coming from a developer background, I should *really* know more about the security aspects of coding.
With two elements of the PCI data protection regulation that address applications security set to reach their deadlines during the first half of 2008, source code analysis vendors say they are priming for rapid growth as retailers and other companies begin making investments to meet the terms of the guideline.
