Posts
  • David LeBlanc's Web Log

    DREADful

    • 8 Comments
    Both the STRIDE and DREAD systems Michael and I documented in Writing Secure Code have been criticized quite a bit. Neither of them was developed with any real academic rigor, and from a scientific standpoint, neither of them tends to hold up very well...
  • David LeBlanc's Web Log

    Avoiding C++ vulnerabilities

    • 4 Comments
    Just returned from Blackhat – it always seems that the presentations I most want to see happen at the same time as I'm scheduled to talk. Neel Mehta, John McDonald and Mark Dowd were talking about finding exploitable C++ specific flaws, and I was only...
  • David LeBlanc's Web Log

    DREAD and the PHB

    • 1 Comment
    Sometimes when I present about secure programming practices, I emphasize education for PMs, testers, and devs, for obvious reasons. Then there's the hard part – educating management. You really have to be able to do that – you need to spend time on security...
  • David LeBlanc's Web Log

    More on C++ code auditing

    • 0 Comments
    Just now had a chance to take a look at the presentation I referenced last post. It's fairly long and detailed, but worth a thorough reading. You can grab it here: http://taossa.com/ Someone commented on my last post that this stuff should be obvious...