Security Roundup: Build Security In Edition
- David Litchfield lets rip at Oracle in “Complete failure of Oracle security response.” Such questions need to be directed to more vendors than just Oracle.
- Andrew Jaquith writes about “Hamster Wheels of Pain” in security company presentations.
- The Seattle Times has an article on those fancy new radio-controlled cockpit doors, “Glitch forces fix to cockpit doors.” Fascinating. I wonder if that’s made it into the aviation failures database? (Via Infosec news):
Boeing and Airbus insist there was no immediate danger. The mechanic had to be standing in precise spots with a particular walkie-talkie tuned to a specific frequency and with a certain signal strength.
There’s lots of stereotypical good detail: The vendor insisting it would be hard, an independent expert insisting it’s easy…
- Simson Garfinkel has a good presentation on RFID security issues that he gave to an OECD working group.
- Lastly, each item in this roundup relates to a failure to include security in the design and manufacture of new systems. DHS has just launched “Build Security In,” a new website to share information about how to include security in your software plans from the start.