Wednesday, 23 July 2008

What I have been up to.

The 2008 SANS Awards for Finding Coding Books with Secure Programming Flaws

(July 22, 2008, Washington, DC)
Four individuals were recognized today for their excellent descriptions of insecure code found in programming texts.

1. Craig Wright of BDO Kendalls in Australia was the overall winner with two first place winners and two honorable mentions. He found errors in:
a. The Complete Reference: C 4th Ed. (Osborne) (Particularly good for showing how to find bugs using Safari service)
b. Programming Embedded Systems in C and C++ (O’Reilly)
c. C Primer Plus, Third Edition (SAMS)
d. C in a Nutshell (O’Reilly)
2. Dr. James Walden of Northern Kentucky University won a first place award for errors found in “Introduction to Java Programming, 7th edition” (Pearson Prentice Hall)
3. Brian Zaugg won an honorable mention for errors found in Beginning Ruby: from Novice to Professional (Apress)
4. Scott March of Interweb Technologies won an honorable mention for errors found in Beginning ASP Databases (Wrox)

Their entries will be published at the SANS sites next week. Their prizes ranged from $200 to $700. We’ll have another contest in the Fall so keep looking for them.

Special thanks to Brian Chess of Fortify Technologies who pointed out the need to find these security flaws and served as primary judge for the competition.
============================================



First Place Winners
Introduction to Java Programming, 7th edition (Pearson Prentice Hall) (Walden)
The Complete Reference: C 4th Ed. (Osborne) (Particularly good for showing how to find bugs using Safari service) (Wright)
Programming Embedded Systems in C and C++ (O’Reilly) (Wright)

Honorable Mention
Beginning Ruby: from Novice to Professional (Apress) (Zaugg)
Beginning ASP Databases (Wrox) (March)
C Primer Plus, Third Edition (SAMS) (Wright)
C in a Nutshell (O’Reilly) (Wright)
