Comments on: Security Approaches That Don’t Work http://shapingsoftware.com/2009/01/09/security-approaches-that-dont-work/ Patterns and Practices for Software Success. Fri, 10 Sep 2010 12:38:40 +0000 http://wordpress.org/?v=2.7.1 hourly 1 By: Invalid Argument » Shaping Software » Security Approaches That Don’t Work http://shapingsoftware.com/2009/01/09/security-approaches-that-dont-work/comment-page-1/#comment-26648 Invalid Argument » Shaping Software » Security Approaches That Don’t Work Fri, 16 Jan 2009 14:24:32 +0000 http://shapingsoftware.com/2009/01/09/security-approaches-that-dont-work/#comment-26648 [...] Shaping Software » Blog Archive » Security Approaches That Don’t Work. [...] [...] Shaping Software » Blog Archive » Security Approaches That Don’t Work. [...]

]]> By: JD http://shapingsoftware.com/2009/01/09/security-approaches-that-dont-work/comment-page-1/#comment-25591 JD Sun, 11 Jan 2009 17:16:56 +0000 http://shapingsoftware.com/2009/01/09/security-approaches-that-dont-work/#comment-25591 @ Anil Cross-group criteria is tough. I've seen it work in two scenarios: 1. Somebody from the other group joins the team as a partner 2. The criteria is turned into a set of incremental hurdles, and again, there's a partnership @ Mike Thank you. I like the fact it resonates with your experience. @ Anil

Cross-group criteria is tough. I’ve seen it work in two scenarios:
1. Somebody from the other group joins the team as a partner
2. The criteria is turned into a set of incremental hurdles, and again, there’s a partnership

@ Mike

Thank you. I like the fact it resonates with your experience.

]]> By: Mike de Libero http://shapingsoftware.com/2009/01/09/security-approaches-that-dont-work/comment-page-1/#comment-25411 Mike de Libero Sat, 10 Jan 2009 22:26:19 +0000 http://shapingsoftware.com/2009/01/09/security-approaches-that-dont-work/#comment-25411 Great article JD. That article pretty much sums up most of the security anti-patterns that come up these days. Great article JD. That article pretty much sums up most of the security anti-patterns that come up these days.

]]> By: Anil John http://shapingsoftware.com/2009/01/09/security-approaches-that-dont-work/comment-page-1/#comment-25338 Anil John Sat, 10 Jan 2009 14:26:42 +0000 http://shapingsoftware.com/2009/01/09/security-approaches-that-dont-work/#comment-25338 Very Nice. I've also seen approaches where dev and security are done by different orgs and there is an attempt to force-fit them as part of a certification and accreditation phase that the system/software needs to go through to be in production. Very Nice.

I’ve also seen approaches where dev and security are done by different orgs and there is an attempt to force-fit them as part of a certification and accreditation phase that the system/software needs to go through to be in production.

]]> By: JD http://shapingsoftware.com/2009/01/09/security-approaches-that-dont-work/comment-page-1/#comment-25247 JD Sat, 10 Jan 2009 03:36:17 +0000 http://shapingsoftware.com/2009/01/09/security-approaches-that-dont-work/#comment-25247 @ Alik 10,000 ways that won't work ;) Thank you @ Kevin Thank you! I think it's easier to relate to the approaches when we have simple metaphors or names for them. You're right, no security is the most common approach! @ Alik

10,000 ways that won’t work ;)

Thank you

@ Kevin

Thank you! I think it’s easier to relate to the approaches when we have simple metaphors or names for them. You’re right, no security is the most common approach!

]]> By: Kevin Lam (IMPACTA) http://shapingsoftware.com/2009/01/09/security-approaches-that-dont-work/comment-page-1/#comment-25235 Kevin Lam (IMPACTA) Sat, 10 Jan 2009 02:07:19 +0000 http://shapingsoftware.com/2009/01/09/security-approaches-that-dont-work/#comment-25235 This is a really nice write-up! Forget nice, I think it's great. Your sum up of the bolt-on approach, which is the second most common approach today (next to no security ;P) is elegant: Make it work, and then make it right. This is a really nice write-up! Forget nice, I think it’s great. Your sum up of the bolt-on approach, which is the second most common approach today (next to no security ;P) is elegant: Make it work, and then make it right.

]]> By: Alik Levin http://shapingsoftware.com/2009/01/09/security-approaches-that-dont-work/comment-page-1/#comment-25121 Alik Levin Fri, 09 Jan 2009 09:12:07 +0000 http://shapingsoftware.com/2009/01/09/security-approaches-that-dont-work/#comment-25121 That is great write up. In the field I see more approaches that do not work than do work. But I also like Edison's "I have not failed. I’ve just found 10,000 ways that won’t work." You distilled precisly anti-patterns so it is easy to identify and avoid it. Here is my take on the security reviews that worked for me: http://tinyurl.com/9zvb92 That is great write up.
In the field I see more approaches that do not work than do work.
But I also like Edison’s “I have not failed. I’ve just found 10,000 ways that won’t work.”

You distilled precisly anti-patterns so it is easy to identify and avoid it.

Here is my take on the security reviews that worked for me:
http://tinyurl.com/9zvb92

]]>