Archive for the 'Information Security Economics' Category

The Future : Regulation is Futile – Market Forces Will Prevail

April 28, 2009

39,000 ft over yet another ocean ……
I just watched an old Bill Joy talk from Ted 2006 via iTunes. Two key paraphrases struck me as prophetic.
“You can’t regulate the problem away”
“What we need is better networks”
In 2005 I did a series of public speaking events using a theme Naked security in which I stripped [...]

Series of Static Analysis Posts

December 22, 2008

If you haven’t downloaded it here (or here if you run 64 bit) and run it against your .NET code you probably should.
To support the CTP release of CAT.NET Andreas Fuchsberger (developer on CISG) and Ben Livshits (Microsoft Research) will be posting a series of blogs over the next few weeks about the work behind [...]

The World Has Started to Slope Backwards

December 17, 2008

‘….A few months ago, a major Bangalore-based infotech company lost out on a $8 million contract. The company was expecting a business delegation to visit India before signing the contract, but 15 days before the date set for the deal, the meeting was abruptly called off.
The same team went to China instead. When the Indian [...]

CAT.NET and Anti-XSS 3.0 Released for Free

December 15, 2008

We have just released a free static analysis tool for .NET and the open source Anti-XSS 3.0 library (complete with Security Run-Time Engine).
http://blogs.msdn.com/cisg/archive/2008/12/15/anti-xss-3-0-beta-and-cat-net-community-technology-preview-now-live.aspx

ISO Security Standards – JTC27 Trip Report

October 24, 2008

If you are interested in following what’s happening in the ISO Security Standards world, you can navigate to the CISG blog and read our trip report.
http://blogs.msdn.com/cisg/

Beautiful Security

October 24, 2008

I am currently writing a chapter for a new O’Reilly book called Beautiful Security. You can pre-order it on Amazon now. There is a whole series of them following up from Beautiful Code including Beautiful Architecture from their Theory In Practice Series. This series has some of my favourite books including Scott Berkuns Making Things [...]

Enigma – Crypto for Kids

October 21, 2008

 
Brilliant!
http://blog.wired.com/geekdad/2008/10/enigma-crypto-c.html

Consumer Application Security or Enterprise Application Security ?

October 21, 2008

When Linus Torvalds wrote about the security circus he echoed a lot of the sentiment I have felt for a while; when it comes to software security, people care about the wrong things for the wrong reasons. The sensationalism that follows the release of security bugs is of course understandable. The popular press want to [...]

NSA Posts Secrets to Writing Secure Code – Write at 38 LOC Per Day

October 21, 2008

The National Security Agency has released a case study showing how to cost-effectively develop code with zero defects. If adopted widely, the practices advocated in the case study could help make commercial software programs more reliable and less vulnerable to attack, the researchers of the project conclude.
The case study is the write-up of an NSA-funded [...]

OWASP CISO Panel

October 20, 2008

I didn’t go to OWASP NYC (put off by the vulnerability circus to be brutally honest) but I just watched the CISO panel and it’s just fantastic to see a panel of CISO’s discussing really important application security topics.
Jim Routh

‘…..view application security as a supply chain management problem’. Very wise!

‘Static analysis tools are most effective [...]