Archive for February, 2007
The ISM-Community is Now Live
February 28, 2007
This has been in the brew for about 6 months or more. I forgot just how time-consuming it is to build out basic infrastructure and do some lifting in the first project.
There are a great bunch of corporate information security folks already involved which is really encouraging.
http://www.ism-community.org
The site is a little raw and [...]
Open Source Application Security
February 28, 2007
Don Dodge does an excellent job of analyzing contributors to open source projects. I am not sure all open source technology types would see the same participation distribution curves as the Linux kernel, but it’s a great read. I mentioned this trend in my Building Online Communities post a few weeks ago.
Alan's comment at Still [...]
Security Dashboards - Request for Help
February 28, 2007
Warning: blatant personal product management research.
Please help. I am looking for screen captures of security dashboards. With your permission I will post them all here or forward them to the excellent Dashboard Spy to create a public collection.
CogHead are Dead Headed
February 28, 2007
I got excited when the first electronic promise came in to join the CogHead beta process by Friday. I even blogged about it. I was almost blown away when last Weds a product marketing lady from CogHead who had read my blog sent me an email offering her help and wanting feedback. It was so [...]
You Can’t Teach Height
February 27, 2007
This theme is getting viral on blogs and email.
Surely these are all reasonable questions…I could go on. Here’s the deal, when I hire someone, I’m looking for them to be tall. A boss told me once that he just wanted his programmers to be tall, because when you’re putting together a basketball team, you have [...]
Defining Security 2.0 - Part 1
February 27, 2007
Prompted by Michael Santarcangelo's comment in my blog posting I have just read the transcript of John Thompson's Security 2.0 speech last October and Alessandro Perilli’s Symantec and the big Security 2.0 lie. I think I was under a rock when Symantec were pushing out this stuff but it’s certainly not the Security 2.0 that I [...]
Were TJX PCI Compliant? The Blood Hounds Are On The Wrong Scent
February 27, 2007
Many people are speculating whether TJX were compliant with PCI at the time they were breached. I think the blood hounds are on the wrong scent. If you can get certified for just $150 a year, I think I can also draw a fair conclusion that very little due diligence by way of real security testing is actually done during the [...]
Security 2.0
February 26, 2007
Tongue in cheek, I used the phrase Security 2.0 in a post last week and several friends have sent me emails offline asking to explain what Security 2.0 will likely be.
I spent 10 mins and created this meme map just for fun.
Full size Meme Map here.
Yet More Presentations Online at SlideShare
February 26, 2007
I think these could help a lot of security companies today.
Marketing Intro
Research
Product Design
Product and Brand
Product Definition
Product Positioning and Lifecycle
Advertising Theory
Two More Presentations Online with SlideShare
February 25, 2007
Hack in the Box 2006 Keynote with John Viega
What application security tools vendors don’t want you to know and holes they will never find!
Asia Business Forum
Managing Corporate Information Security Risk in Financial Institutions

