Cigital’s Agile Security Manifesto

All Rights Reserved, Royalty-free license purchased through Fotolia.com

I tend to operate in accordance with the four principles of Cigital‘s recent Agile Security Manifesto.

[su_pullquote align=”right” class=””]NOTE: I cannot state whether I’ve employed Cigital professionally but I have had interaction with them in my career.[/su_pullquote]

Brother Can You Spare a Protocol?

If you haven’t yet heard of the SSLv3 protocol exploit then where have you been and how can you sleep at night.  Surely someone ran past you yesterday (Tuesday 10/14/14) with his hair on fire, screaming about graceful degradation of protocols.

 

Royalty-free license purchased via Fotolia.com

How Do You Respond?

 

APT – Advanced, Persistent Threat

Given enough adoption of secure policies and frameworks and a threat agent with adequate resources, access and motivation any control/countermeasure/safeguard can be overcome.

This means that a sufficiently motivated and backed threat agent (nee “hacker”) can defeat any one (and in multiple cases, any) security controls put in place.