Transisto (OP)
July 27, 2012, 06:30:20 PM
Given the nature of the beast, I'm surprised we don't have one already. I would add to it a sub "personal computer security" for general use bitcoin. And a more enterprise-level sub for web-services dealing with bitcoin transactions. I was to post this there but found no places to post it.
"OAuth 2.0 and the Road to Hell" http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/
dree12
July 28, 2012, 02:32:47 AM
Hmm, maybe a general security subforum of Bitcoin Discussion? I think I'll add that to my thread on proposed subfora.
niko
July 31, 2012, 06:46:22 PM
> Given the nature of the beast, I'm surprised we don't have one already. I would add to it a sub "personal computer security" for general use bitcoin. And a more enterprise-level sub for web-services dealing with bitcoin transactions. I was to post this there but found no places to post it.
> "OAuth 2.0 and the Road to Hell" http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

A personal security sub makes sense. Unfortunately, lots of useful information is already scattered around the forum. As for the "enterprise" level discussion, perhaps it's better if they keep it between themselves?
They're there, in their room. Your mining rig is on fire, yet you're very calm.
error
July 31, 2012, 08:13:57 PM
> As for the "enterprise" level discussion, perhaps it's better if they keep it between themselves?

If your security measures rely on keeping them secret, they aren't good security measures.
niko
July 31, 2012, 09:40:58 PM
> > As for the "enterprise" level discussion, perhaps it's better if they keep it between themselves?
>
> If your security measures rely on keeping them secret, they aren't good security measures.

They shouldn't rely on secrecy, but should be discussed on a need-to-know basis between service providers, or between customers and providers. I think that's common sense. Anyhow, it wouldn't hurt to have the board. Everyone can decide if and how much they would be sharing there.
BadBitcoin (James Sutton)
July 31, 2012, 10:40:59 PM
> > > As for the "enterprise" level discussion, perhaps it's better if they keep it between themselves?
> >
> > If your security measures rely on keeping them secret, they aren't good security measures.
>
> They shouldn't rely on secrecy, but should be discussed on a need-to-know basis between service providers, or between customers and providers. I think that's common sense. Anyhow, it wouldn't hurt to have the board. Everyone can decide if and how much they would be sharing there.

What you just said is that you rely on secrecy. A completely open and transparent security solution allows for open source collaboration on fixing any holes, regardless of the sensitivity of your situation. There are more whitehats on here than blackhats, and those whitehats are generally better at their job, too.
niko
July 31, 2012, 10:50:11 PM
> > > > As for the "enterprise" level discussion, perhaps it's better if they keep it between themselves?
> > >
> > > If your security measures rely on keeping them secret, they aren't good security measures.
> >
> > They shouldn't rely on secrecy, but should be discussed on a need-to-know basis between service providers, or between customers and providers. I think that's common sense. Anyhow, it wouldn't hurt to have the board. Everyone can decide if and how much they would be sharing there.
>
> What you just said is that you rely on secrecy. A completely open and transparent security solution allows for open source collaboration on fixing any holes, regardless of the sensitivity of your situation. There are more whitehats on here than blackhats, and those whitehats are generally better at their job, too.

Then why are zero-day exploits usually not discussed in public boards? I thought a reasonable thing to do is to notify the dev team first, no?