Decade after decade, politics moves from regulated economies to de-regulated economies. Changes are usually triggered by “unpredictable events” (in political speak). We are almost certainly about to go into a period of heavy government regulation of the financial services industry, where “unpredictable events” (or “failure”, in plain English) are blamed on inadequate regulation. [...]
Archive for the 'Information Security Economics' Category
Justin Somaini is Blogging
September 25, 2008
My good friend Justin Somaini, the CSO of Symantec, is now blogging!
Gazza on the Software Security Market
September 12, 2008
Really good article by my pal Gazza (here).
Some highlights include:
All told, the software security market for tools and services in 2007 was worth somewhere between $275-300 million.
One of the most important developments in the software security market can be seen in the tools space which, combined, almost doubled to $150-180 million.
… static analysis tools for [...]
Security Best Practices
September 3, 2008
Best practice: An idea that has no evidence to support its merits, and that probably doesn’t work, but that you can attribute to someone else when things go horribly, horribly wrong.
Sample Usage: Don’t worry about the noise from that flaky Geiger counter; this plant complies with all best practices.
CISG Team Blog
August 25, 2008
The CISG Team Blog is now operational. We are initially blogging about things we are doing with Anti-XSS (and related technologies) but plan to expand to cover our bigger projects over the coming months.
You can expect a wide range of posts, from program management and user experience to code-level developer commentary.
http://blogs.msdn.com/cisg/
Is this a Serious Global Cyber Attack Occurring Before Us?
August 22, 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OK, so to sum up the two emails below:
1. Fedora’s package signing box was compromised by unknown parties.
Fedora does not think the key’s passphrase was compromised however. They are changing their keys.
2. RedHat’s package signing key was used to sign trojaned OpenSSH packages. RedHat does not think these were distributed via [...]
More On Checklists
June 12, 2008
Alex Hutton posted this follow-up on my first post about checklists. He is of course spot on. Checklists, in my humble opinion, can provide a State of Nature, but can’t provide a State of Knowledge or a State of Wisdom (nice phrases). They certainly don’t do computation or analysis, but what they do is [...]


Are You a Builder or a Breaker
September 10, 2008
I am reading Brain Rules; great book! In the opening chapter there is a wonderful quotation from an interview with Frank Lloyd Wright that resonates with how I feel about the application security industry.
“When I walk into St. Patrick’s cathedral here in New York City, I am enveloped with a feeling of reverence”, said Mike Wallace. [...]
Categories: Information Security Economics, Long Tail Security, OWASP, Productivity, Security 2.0, Social Networking, Software Development, Software Security, Technology Commentary, Web Security