Archive for the 'Security Industry' Category

The Real 80 / 20 Rule

June 10, 2008

It’s all about the framework (again)!

GRC - Why It’s of LIMITED Interest to Me

June 10, 2008

I wanted to post a “rah rah” message to Rich Mogull when he posted that GRC platforms Are Dead. He was so spot on in my humble opinion that he made me smile for a week or so. I may be a bolshy arrogant git, confident, but re-assurance from smart people is always comforting. Today [...]

Social Networking, Crowd Sourcing and Security

June 10, 2008

I thought I posted this a while back so my apologies. At the OWASP Conference I spoke about social networking and how it may be applied to the security domain in the future. I used the slide below.
In a related but unconnected event, that Friday someone on the team sent out a simple spreadsheet [...]

I am changing my blog subscriptions - Your help is needed

June 10, 2008

I am bored of the same old crap coming across my feed reader so I have decided to experiment: be ruthless and un-subscribe from anything that I don’t read (value) regularly and look for new fresh thinking and opinions. Sure, the odd gem can be, well, a “gem” and I may miss them but I [...]

Checklists Are Not For Dummies, Dummy!

May 24, 2008

At the OWASP Conference in Belgium this week I had a slide about checklists.

This is the story behind the slide. My boss at Microsoft has a friend who is a pilot. He did his pre-take-off checklist and was cleared to taxi onto the runway by air traffic control. He consulted his checklist one [...]

Presenting Security Ideas or Driving Agendas?

May 24, 2008

I opened the OWASP Europe Conference this week with a slide (below) about vendor neutrality.

In essence I urged attendees to consider the motivations of those presenting various ideas at the conference, including myself of course. During the conference it was pointed out that the moderator of a panel “The PCI 6.6 Dogfight - [...]

United Web Apps on All Devices?

March 6, 2008

That’s right, it’s the Mesh. Security implications galore… I hope there will be some amazing security SOA folks developing these apps.

Tenets of Effective BPM

February 28, 2008

It’s no real secret what I am doing at Microsoft although I haven’t really blogged about it much. I do plan to start in the coming weeks with some long posts about platforms, information security BPM, applying business management techniques to the information security discipline, dashboards and business intelligence etc.
Before I do that and hot [...]

Raffaele Rialdi on Threat Modelling

February 18, 2008

There is a nice video on the Virtual TechEd site here of RR, a Security Developer MVP.
Raffaele Rialdi sits down with Lori Grosland and explains his work with security and the software development life cycle. He also talks about threat modeling and how there are new ways that it is being used to identify [...]

Now That’s a Novel Way to Kill the FUD

February 17, 2008

Static Analysis Tools Exposition (SATE). If these guys would do this on other tool classes I think we could break down some more security religion and get back to creating pragmatic solutions to real problems. Wow, the first two rants ever on my blog, each within a few minutes; strange day.