Archive for the 'Information Security Economics' Category
Mark Curphey - SecurityBuddha.com
June 12, 2008
Alex Hutton posted this follow-up on my first post about checklists. He is of course spot on. Checklists in my humble opinion can provide a State of Nature, but can’t provide a State of Knowledge or a State of Wisdom (nice phrases). They certainly don’t do computation or analysis but what they do is [...]
Categories: Cool Business, Frameworks, Information Security Economics, Microsoft, Security Platforms, Software Security
Comments: Be the first to comment
June 10, 2008
I wanted to post a “rah rah” message to Rich Mogull when he posted that GRC platforms Are Dead. He was so spot on in my humble opinion that he made me smile for a week or so. I may be a bolshy arrogant git confident but reassurance from smart people is always comforting. Today [...]
Categories: CISG, Compliance, Dashboards, Frameworks, Information Security Economics, Long Tail Security, Microsoft, Platforms, Security Industry, Security Platforms, Security metrics, Social Networking, Software Development, Working at Microsoft
Comments: 3 Comments
June 10, 2008
I am bored of the same old crap coming across my feed reader so I have decided to experiment; be ruthless and unsubscribe from anything that I don’t read (value) regularly and look for new fresh thinking and opinions. Sure the odd gem can be, well, a “gem” and I may miss them but I [...]
Categories: Blogonomics, Blogroll, Information Security Economics, Security Industry, Software Development
Comments: 2 Comments
June 8, 2008
My cool security friend JD has done it again (in BETA).
http://www.codeplex.com/WCFSecurityGuide
These things are the definitive guides to the topic. Masterpieces!
Download the Improving Web Services Security Guide (BETA)
Categories: Information Security Economics, Microsoft, Software Security, Web Security, Working at Microsoft
Comments: 1 Comment
May 24, 2008
At the OWASP Conference in Belgium this week I had a slide about checklists.
This is the story behind the slide. My boss at Microsoft has a friend who is a pilot. He did his pre-take-off checklist and was cleared to taxi onto the runway by air traffic control. He consulted his checklist one [...]
Categories: Information Security Economics, OWASP, Security Industry, Speaking, information security
Comments: 5 Comments
May 24, 2008
I opened the OWASP Europe Conference this week with a slide (below) about vendor neutrality.
In essence I urged attendees to consider the motivations of those presenting various ideas at the conference; including myself of course. During the conference it was pointed out that the moderator of a panel “The PCI 6.6 Dogfight - [...]
Categories: Information Security Economics, OWASP, Quotes, Security Industry, Speaking
Comments: 1 Comment
April 13, 2008
I will be speaking at TechEd in Orlando in June (and probably the TechEds in Australia and New Zealand in September).
The Connected Information Security Group - CISG, part of the Microsoft corporate information security team, are working on a technology framework and set of applications to support corporate information security management programs. The Microsoft and [...]
Categories: Cool Business, Information Security Economics, Microsoft, Platforms, Security Platforms, Software Development, Speaking, Working at Microsoft
Comments: 2 Comments
April 13, 2008
I got back from Redmond yesterday. I am getting old so couldn’t sleep well last night; luckily for me the BBC shows Our World during the night and I caught Danger - Democracy at Work. As usual it was a superb bit of journalism, this time questioning America’s dogma to spread their own blend of [...]
Categories: Information Security Economics, OWASP, Social Networking, open source
Comments: Be the first to comment