Bitcoin Forum

Other => Meta => Topic started by: Transisto on July 27, 2012, 06:30:20 PM



Title: No Security subforum ?
Post by: Transisto on July 27, 2012, 06:30:20 PM
Given the nature of the beast, I'm surprised we don't have one already.

I would add to it a sub "personal computer security" for general use bitcoin.

And a more enterprise-level sub for web services dealing with bitcoin transactions.

I was to post this there but found no places to post it.
"OAuth 2.0 and the Road to Hell" http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/


Title: Re: No Security subforum ?
Post by: dree12 on July 28, 2012, 02:32:47 AM
Hmm, maybe a general security subforum of Bitcoin Discussion? I think I'll add that to my thread on proposed subfora.


Title: Re: No Security subforum ?
Post by: niko on July 31, 2012, 06:46:22 PM
Given the nature of the beast, I'm surprised we don't have one already.

I would add to it a sub "personal computer security" for general use bitcoin.

And a more enterprise-level sub for web services dealing with bitcoin transactions.

I was to post this there but found no places to post it.
"OAuth 2.0 and the Road to Hell" http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

A personal security sub makes sense. Unfortunately, lots of useful information is already scattered around the forum.
As for the "enterprise" level discussion, perhaps it's better if they keep it between themselves?


Title: Re: No Security subforum ?
Post by: error on July 31, 2012, 08:13:57 PM
As for the "enterprise" level discussion, perhaps it's better if they keep it between themselves?

If your security measures rely on keeping them secret, they aren't good security measures.


Title: Re: No Security subforum ?
Post by: niko on July 31, 2012, 09:40:58 PM
As for the "enterprise" level discussion, perhaps it's better if they keep it between themselves?

If your security measures rely on keeping them secret, they aren't good security measures.

They shouldn't rely on secrecy, but should be discussed on a need-to-know basis between service providers, or between customers and providers. I think that's common sense. Anyhow, it wouldn't hurt to have the board. Everyone can decide if and how much they would be sharing there.


Title: Re: No Security subforum ?
Post by: BadBitcoin (James Sutton) on July 31, 2012, 10:40:59 PM
As for the "enterprise" level discussion, perhaps it's better if they keep it between themselves?

If your security measures rely on keeping them secret, they aren't good security measures.

They shouldn't rely on secrecy, but should be discussed on a need-to-know basis between service providers, or between customers and providers. I think that's common sense. Anyhow, it wouldn't hurt to have the board. Everyone can decide if and how much they would be sharing there.

What you just said is that you rely on secrecy. A completely open and transparent security solution allows for open source collaboration on fixing any holes, regardless of the sensitivity of your situation.

There are more whitehats on here than blackhats, and those whitehats are generally better at their job, too.


Title: Re: No Security subforum ?
Post by: niko on July 31, 2012, 10:50:11 PM
As for the "enterprise" level discussion, perhaps it's better if they keep it between themselves?

If your security measures rely on keeping them secret, they aren't good security measures.

They shouldn't rely on secrecy, but should be discussed on a need-to-know basis between service providers, or between customers and providers. I think that's common sense. Anyhow, it wouldn't hurt to have the board. Everyone can decide if and how much they would be sharing there.

What you just said is that you rely on secrecy. A completely open and transparent security solution allows for open source collaboration on fixing any holes, regardless of the sensitivity of your situation.

There are more whitehats on here than blackhats, and those whitehats are generally better at their job, too.

Then why are zero-day exploits usually not discussed on public boards? I thought a reasonable thing to do is to notify the dev team first, no?