lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 19 Dec 2006 19:22:56 -0500
From: Nancy Kramer <>
To: "KT" <>, <>,
Subject: Re: comparing information security to other

At 03:16 PM 12/19/2006, KT wrote:
>What I am trying to figure out is how mature we are and how long will it 
>take for to get stable?

Not very mature and it will take a long time to get stable because 
programmers are just beginning to be aware of application security 
requirements and then they need to figure out how to implement 
them.  Remember most programmers came from a client server or mainframe 
world and they "don't get it".  The consumer also doesn't "get it".  They 
work great together.

I went to a PHP Conference recently and the creator of PHP said that there 
is not such thing as a completely secure web application.  When failure is 
a goal you will definitely get there.

I know all this because I am a programmer by background.  Most people 
designing web applications know so little about security it is scary.


Nancy Kramer
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.409 / Virus Database: 268.15.23/591 - Release Date: 12/17/2006

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists