I think I am going to rename this blog “Stuff that doesn’t fit into 140 chars” (stolen from Chris Anderson). I am mainly posting on Twitter these days, you can follow me here www.twitter.com/curphey .
I am not sure how I missed this absolute gem of a blog post but I did. It’s a great read [...]
Archive for the 'Security Industry' Category
Gem of a Security Post
June 15, 2009SDL in Visual Studio Team System
May 19, 2009….has arrived.
Full details here.
S = ƒ ( ___ )
April 24, 2009S = ƒ(°WFF)
Degrees of Warm Fuzzy Feeling
S=f(p,d)+Rn
(Prayer, Denial) + Number of Days till Retirement
S=f(n)
Where n is the number of security guys you know
S=f(1/n)
Where n is the number of security standards documents you have read
S = ƒ(#B*#FCA)
Number of people you can blame multiplied by the number of friends you have that can cover your back-side
S [...]
This Blog Is Changing – Watch This Space
February 25, 2009Posting has obviously been slow over the last few months. I keep meaning to post a long reflective article about why I have decided to make some big changes about what and why I blog but I just never seem to find the time. In short I have become rather bored making general security commentary; [...]
The World Has Started to Slope Backwards
December 17, 2008‘….A few months ago, a major Bangalore-based infotech company lost out on a $8 million contract. The company was expecting a business delegation to visit India before signing the contract, but 15 days before the date set for the deal, the meeting was abruptly called off.
The same team went to China instead. When the Indian [...]
Consumer Application Security or Enterprise Application Security ?
October 21, 2008When Linus Torvalds wrote about the security circus he echoed a lot of the sentiment I have felt for a while; when it comes to software security, people care about the wrong things for the wrong reasons. The sensationalism that follows the release of security bugs is of course understandable. The popular press want to [...]
OWASP CISO Panel
October 20, 2008I didn’t go to OWASP NYC (put off by the vulnerability circus to be brutally honest) but I just watched the CISO panel and it’s just fantastic to see a panel of CISO’s discussing really important application security topics.
Jim Routh
‘…..view application security as a supply chain management problem’. Very wise!
‘Static analysis tools are most effective [...]
Are Business Risk and Technical Security Part of a Natural Fourier Series?
October 8, 2008Decade after decade politics moves from regulated economies to de-regulated economies. Changes are usually are triggered by “unpredictable events” (in political speak). We are almost certainly about to go onto a period of heavy government regulation of the financial services industry where “unpredictable events” or “failure” in plain English is blamed on inadequate of regulation. [...]

The Future : Regulation is Futile – Market Forces Will Prevail
April 28, 200939,000 ft over yet another ocean ……
I just watched an old Bill Joy talk from Ted 2006 via iTunes. Two key paraphrases struck me as prophetic.
“You can’t regulate the problem away”
“What we need is better networks”
In 2005 I did a series of public speaking events using a theme Naked security in which I stripped [...]
Categories: Information Security Economics, Long Tail Security, Microsoft, Platforms, Royal Holloway ISG, Second Life, Security 2.0, Security Industry, Security Platforms, Security metrics, Social Networking, Software Development, Software Security, Technology Commentary, Working at Microsoft, information security, open source
Comments: 6 Comments