Free risk assessment of your web site
With all the news about credit card breaches, there are probably a lot of people scurrying about trying to figure out the cheapest and fastest way to reduce the risk of some Saudi hacker stealing credit cards or mounting a DDOS attack on their web site. I have written here, here and here about how […]
Apps vs. the Web, enemy or friend?
Saw this item on Gigaom. George Colony, the chairman and CEO of Forrester Research, re-ignited a minor firestorm recently, with a presentation at the LeWeb conference in which he argued that the web is dead, and being replaced by the app economy — with mobile and smartphone apps that leverage the cloud or other services rather than […]
Build management and Governance
Don’t break the build. There is absolutely no question that the build process is a pivot in the software quality process. Build every day, don’t break the build and do a smoke test before releasing the latest version. This morning, I installed the latest build of an extremely complex network security product from one of […]
The top 10 mistakes made by Linux developers
My colleague, Dr. Joel Isaacson talks about the top 10 mistakes made by Linux developers. It’s a great article and great read from one of the top embedded Linux programmers in the world. The Little Engine That Could Copyright 2004 Joel Isaacson. This work is licensed under the Creative Commons Attribution License. I try to […]
Digital content protection
A customer case study – Digital content protection for VOD on a TCP unicast network One of our most interesting projects recently was a digital content protection and secure content distribution software development projects in the field of IPTV and video on demand. We were called in at a critical stage in project delivery to […]
Will security turn into a B2B industry?
Information security is very much product driven and very much network perimeter security driven at that: firewalls, IPS, DLP, anti-virus, database firewalls, application firewalls, security information management systems and more. It is convenient for a customer to buy a product and feel “secure” but, as businesses become more and more interconnected, as cloud services […]
Practical security management for startups
We normally associate the term “small business” or SME (small to medium sized enterprise) with commercial operations that buy and sell, manufacture products or provide services – lawyers, plumbers, accountants, web developers etc… However – there is an important class of small business operations that is often overlooked when it comes to information security and […]
The Microsoft monoculture as a threat to national security
This is probably a topic for a much longer essay, but after two design reviews this week with medical device vendor clients on software security issues, I decided to put some thoughts in a blog post. Almost 8 years ago, Dan Geer, Rebecca Bace,Peter Gutmann, Perry Metzger, Charles Pfleeger, John Quarterman and Bruce Schneier wrote a […]
The importance of data collection in a risk assessment
A risk assessment of a business always starts with data collection. The end objective is identifying and then implementing a corrective action plan that will improve data security in a cost-effective way, that is the right fit for the business. The question in any risk assessment is how do you get from point A (current […]
10 guidelines for a security audit
What exactly is the role of an information security auditor? In some cases, such as compliance by Level 1 and 2 merchants with PCI DSS 2.0, external audit is a condition to PCI DSS 2.0 compliance. In the case of ISO 27001, the audit process is a key to achieving ISO 27001 certification (unlike […]
