US-CERT and DHS Collaborate for Great Security Resource
I just stumbled on Build Security In, a collaboration between US-CERT and the Department of Homeland Security (geez I hate that name…oh well). It looks to be a great resource for writing secure code.
But ick, they use a secret question as part of the registration. At least they let you define the question, rather than force you into the usual mother’s maiden name/first pet name boxes. But I wonder how many people will use mom’s name?
Update. Hmm. Not a good sign. I posted this problem on their moderated forums. I had to put it in their Architectural Risk Analysis forum, for reasons I explain (and they strip off CR/LFs, sigh):
Well, here's an architectural problem for you. (Forgive me for posting this in this particular forum, but it seems to be the best choice, is first on the list, and there is no forum to discuss the site. And the feedback form limits the number of characters you can type.) I just registered for this Build Security In site with a user name of donkiely and a strong password (25 characters, mix of letters, numbers and other characters). The site accepted the registration with no problem and invited me back Home to authenticate. But when I try to authenticate, I get an error: "Error Processing Login [ Try Again ]". I tried that several times. Then I re-registered for the site using credentials consisting of a user name and password that were the same three alpha characters only. That lets me in. Hmm. Not very secure! I'd like to use my original login and a strong password. How can I log in?