Speaking at RSA on the following:
Dealing with the Wildness That Awaits in Software Security
The starting point for assessing Margin of Safety at design time is to combine Threat Models - how a system may fail - and Attack Surface - where a system is vulnerable. The output is a Countermeasure Model, which identifies and locates the Countermeasures in the system. This session will review the Margin of Safety and examine how these are applied in deployment, runtime policies and security mechanisms. We will also discuss the failure modes present in current web service implementation
They also asked me to do a 20 minute TED-style version of the talk which is supposed to be on a webcast, not sure when.
Have you posted the slides from this presentation? I'd be very interested to learn more.
Posted by: Russell Thomas | March 08, 2010 at 11:52 AM