Displaying 1-24 out of 24 total
The State of Embedded-Device Security (Spoiler Alert: It's Bad)
Found in: IEEE Security & Privacy
By John Viega, Hugh Thompson
Issue Date:September 2012
pp. 68-70
Embedded-systems security is a mess, and the embedded-software industry needs to start focusing on it. This will involve moving beyond just the technology to rethink our assumptions of how people will actually use and maintain embedded devices.
Happy Anniversary!
Found in: IEEE Security and Privacy
By John Viega
Issue Date:January 2012
pp. 3-4
IEEE Security & Privacy editor in chief John Viega looks back 10 years to how the computer security field has changed and evolved. Although the security industry has grown exponentially, are we any safer?
Guest Editors' Introduction: Mobile Device Security
Found in: IEEE Security and Privacy
By John Viega, Bret Michael
Issue Date:March 2010
pp. 11-12
Now that handheld devices are ubiquitous and powerful enough to be considered personal computers, they're an attractive target for hacking and misuse. The guest editors of this special issue brought together a set of articles that describe challenges and p...
Practical Random Number Generation in Software
Found in: Computer Security Applications Conference, Annual
By John Viega
Issue Date:December 2003
pp. 129
There is a large gap between the theory and practice for random number generation. For example, on most operating systems, using /dev/random to generate a 256-bit AES key is highly likely to produce a key with no more than 160 bits of security. In this pap...
Defcon Capture the Flag: Defending Vulnerable Code from Intense Attack
Found in: DARPA Information Survivability Conference and Exposition,
By Crispin Cowan, Seth Arnold, Steve Beattie, Chris Wright, John Viega
Issue Date:April 2003
pp. 120
Defcon's Capture the Flag (CtF) game is the largest open computer security hacking game. This year's CtF had rules that made it particularly difficult to be a successful defender. We entered an Immunix server, comprised of five years of IA&S, OASIS, FT...
Can Aspect-Oriented Programming Lead to More Reliable Software?
Found in: IEEE Software
By John Viega, Jeffrey Voas
Issue Date:November 2000
pp. 19-21
No summary available.
Statically Scanning Java Code: Finding Security Vulnerabilities
Found in: IEEE Software
By John Viega, Gary McGraw, Tom Mutdosch, Edward W. Felten
Issue Date:September 2000
pp. 68-74
Developers and users require some degree of assurance in their applications' security vulnerabilities. The authors have designed a prototype tool, Jslint, to help programmers automatically use existing security knowledge.
Ten Years On, How Are We Doing? (Spoiler Alert: We Have No Clue)
Found in: IEEE Security & Privacy
By John Viega
Issue Date:November 2012
pp. 13-16
As this magazine closes out its 10th anniversary year, its editor in chief gives the industry a report card for the past decade, both to see how well it did and to set some goals for the next 10 years.
Giving Back
Found in: IEEE Security & Privacy
By John Viega
Issue Date:November 2012
pp. 3-4
Editor-in-chief John Viega closes out his term with a discussion about why he served and how other people can get involved to give back to the security community.
Cloud Security: Not a Problem
Found in: IEEE Security & Privacy Magazine
By John Viega
Issue Date:July 2012
pp. 3-3
Misconceptions about cloud computing security threaten to slow its adoption.
Ten Years of Trustworthy Computing: Lessons Learned
Found in: IEEE Security and Privacy
By John Viega
Issue Date:September 2011
pp. 3-4
In the 10 years since Microsoft launched its Trusted Computing Initiative, Microsoft has invested billions on the security of their software. In this article, we learn that, while they haven't gotten out all the bugs, Microsoft has had a significant positi...
Reality Check
Found in: IEEE Security and Privacy
By John Viega
Issue Date:January 2011
pp. 3-4
IEEE S&P's new Editor in Chief talks about the state of the security industry and the direction of the magazine.
Cloud Computing and the Common Man
Found in: Computer
By John Viega
Issue Date:August 2009
pp. 106-108
The cloud offers several advantages, but until some of its risks are better understood many major players might hold back.
Why Applying Standards to Web Services Is Not Enough
Found in: IEEE Security and Privacy
By John Viega, Jeremy Epstein
Issue Date:July 2006
pp. 25-31
Properly designing and securing your Web services application is important, and it's not just a matter of using security standards. Developers must understand both the limitations and drawbacks to security standards in order to fully secure their Web servi...
The Pros and Cons of Unix and Windows Security Policies
Found in: IT Professional
By John Viega, Jeffrey Voas
Issue Date:September 2000
pp. 40-45
Unix and Windows NT security models have their advantages and disadvantages. Neither offers clearly superior security.
Automating Delegation in Class-Based Languages
Found in: Technology of Object-Oriented Languages, International Conference on
By John Viega, Paul Reynolds, Reimer Behrends
Issue Date:August 2000
pp. 171
Some designers of class-based object oriented languages choose not to support multiple inheritances. As a result, programmers often resort to ad hoc workarounds. The most common of these workarounds is delegation. Even delegation is tedious and error prone...
Coping with Java Programming Stress
Found in: Computer
By Roger T. Alexander, James M. Bieman, John Viega
Issue Date:April 2000
pp. 30-38
Despite Java attributes (memory management, strong type checking, and built-in support for exception handling) that promote reliable, bug-free software, some features contribute to, rather than alleviate, programmer stress because they create obsc...
Two Systems for Automatic Software Diversification
Found in: DARPA Information Survivability Conference and Exposition,
By C. C. Michael, Aron Bartle, John Viega, Alexandre Hulot, Natasha Jarymowycz, J. R. Mills, Brian Sohr, Brad Arkin
Issue Date:January 2000
pp. 1220
No summary available.
Security---problem solved?
Found in: Queue
By John Viega
Issue Date:June 2005
pp. 40-50
There are plenty of security problems that have solutions. Yet, our security problems don't seem to be going away. What's wrong here? Are consumers being offered snake oil and rejecting it? Are they not adopting solutions they should be adopting? Or, is th...
Building security requirements with CLASP
Found in: Proceedings of the 2005 workshop on Software engineering for secure systems - building trustworthy applications (SESS '05)
By John Viega
Issue Date:May 2005
pp. 105-110
Traditionally, security requirements have been derived in an ad hoc manner. Recently, commercial software development organizations have been looking for ways to produce effective security requirements. In this paper, we show how to build security requireme...
Security is Harder than You Think
Found in: Queue
By John Viega, Matt Messier
Issue Date:July 2004
pp. 60-65
The 2,167-mile Appalachian Trail stretches continuously from Georgia to Maine, thanks in part to rights-of-way that grant the hiking trail access through property that might otherwise remain under the control of thousands of individual landowners. Imagine ...
Token-based scanning of source code for security problems
Found in: ACM Transactions on Information and System Security (TISSEC)
By Gary McGraw, J. T. Bloch, John Viega, Tadayoshi Kohno
Issue Date:November 1998
pp. 238-261
We describe ITS4, a tool for statically scanning C and C++ source code for security vulnerabilities. Compared to other approaches, our scanning technique stakes out a new middle ground between accuracy and efficiency. This method is efficient enough to off...
3D magic lenses
Found in: Proceedings of the 9th annual ACM symposium on User interface software and technology (UIST '96)
By George Williams, John Viega, Matthew J. Conway, Randy Pausch
Issue Date:November 1996
pp. 51-58
This paper describes a Computer Aided Design system for sketching free-form polygonal surfaces such as terrains and other natural objects. The user manipulates two 3D position and orientation trackers with three buttons, one for each hand. Each hand has a ...
Trust (and mistrust) in secure applications
Found in: Communications of the ACM
By Bruce Potter, John Viega, Tadayoshi Kohno
Issue Date:January 1988
pp. 31-36
Case study findings from several corporate environments suggest that successful virtualization does not depend on the degree of technological sophistication. It's how the tools are used that matters.