The security of open source software

A conversation with a client this morning revolved around software development tool alternatives in an environment of Web Socket. "Why not use Flash on the client and AMF on the server side?" the client asked. I hesitated for a moment and answered – because Adobe is proprietary and closed source and the only developers looking […]

Paying the price for peace

An exceptional post by Lilac Sigan “To bad it doesn’t pay to be a nice guy” suggests that Israel may be better off in the long term with its relations with Turkey by demanding a quid-pro-quo (The Turks are demanding reparations and an official apology from Israel for boarding the now infamous Gaza flotilla boat […]

Brainwashed by propaganda?

I decided to update this post – after the security theater of the week with the Palestinians and Israelis – as if Israel really needs the Palestinians to recognize Israel as a Jewish State and as if not building a few houses is going to give the Palestinian leaders a reason to stop terror and […]

Are you still using Excel for risk assessment?

There is a school of thought that says that you can take any complex problem and break it down like Swiss cheese. Risk assessment data collection and analysis with Excel is one of those problems that can’t be Swiss-cheesed. A collection of brittle, unwieldy, two-dimensional worksheets is a really bad way of doing multi-dimensional […]

Do you have a business need for DLP?

"To be able to do something before it exists, sense before it becomes active, and see before it sprouts." The Book of Balance and Harmony (Chung-ho chi), a medieval Taoist book.

Will security vendors, large to small (Symantec, McAfee, nexTier, ANBsys and others) succeed in restoring balance and harmony to their customers by relabeling their product suites as unified content […]

Night walking on the freeway

Ian Fleming once remarked how American road signs were so sexy – “winding curves” and “soft shoulders”. I was thinking of Ian Fleming taking an unexpected 5K walk at night on the shoulders of a 6-lane freeway. Last night I was driving my daughter’s car on Route 6. There was a leak in the […]

Third party verification of verbal agreements

My lawyer once told me that I should be careful with verbal commitments since a verbal commitment can often be construed as a binding agreement. The question is how to verify the verbal agreement and enforce non-repudiation? There are many cases in life where you want to be able to verify a verbal commitment using […]

Return on security investment

The Control Policy Group is presenting a series of 6 free online workshops starting Sep 3, 2009 at 15:00 GMT. The first workshop, “Using data security metrics and a value-based approach”, will teach measurement of how well security tools reduce Value at Risk in dollars (or in Euro) and how well they will do 3 years […]

Reducing risk of major data loss events

Martin Hellman (of Diffie-Hellman fame) maintains the Nuclear Risk web site and has written a very insightful piece on risk analysis of nuclear war entitled “Soaring, cryptography and nuclear weapons”. Hellman proposes that we need a third state scenario (instead of current state -> nuclear war) where the risk of nuclear holocaust has been […]

Imperfect knowledge security

Keeping the organization robust in a highly dynamic threat environment

Our capacity to predict will be confined to . . . general characteristics of the events to be expected and not include the capacity for predicting particular individual events. . . . Yet the danger of which I want to warn is precisely the belief that in […]