Microsoft gives source code to Chinese government
Sold down the river. A phrase meaning to be betrayed by another. It originated during the slave trade in America: selling a slave “down the river” would uproot them from their spouses, children, parents, siblings and friends. For example: “I can’t believe that Microsoft gave their source code to the Chinese in a pathetic […]
Practical security management for startups
We normally associate the term “small business” or SME (small to medium sized enterprise) with commercial operations that buy and sell, manufacture products or provide services – lawyers, plumbers, accountants, web developers etc… However – there is an important class of small business operations that is often overlooked when it comes to information security and […]
The Microsoft monoculture as a threat to national security
This is probably a topic for a much longer essay, but after two design reviews this week with medical device vendor clients on software security issues, I decided to put some thoughts in a blog post. Almost 8 years ago, Dan Geer, Rebecca Bace, Peter Gutmann, Perry Metzger, Charles Pfleeger, John Quarterman and Bruce Schneier wrote a […]
Medical device security trends
Hot spots for medical device software security
I think that 2011 is going to be an exciting year for medical device security as the FDA gets more involved in the approval and clearance process with software-intensive medical device vendors. Considering how much data is exchanged between medical devices and customer service centers/care givers/primary clinical care teams and […]
Customer security with software security
If you are an IT person, this article may be a waste of your time. But – if you are in the business of making and delivering products with software inside – read on. What threats really count for your business? No question is more important for implementing an effective security and compliance program for your […]
Software security assessments
In a way, every software security assessment is an exercise in software development. The first step in the software security assessment project is requirements analysis. Requirements analysis is concerned with what the system (whether it be a “traditional” application or a rich Web 2.0 application for social networking) needs to do. This involves examining the […]
Wishing is not enough
This time of year I get lots of mail wishing me a good year.
Information security best practices workshops
Every Thursday at 14:00 GMT we host a best practice security workshop online for business professionals, vendors and consultants. There is a short high-quality presentation and we share knowledge gained in the trenches. It’s 20 minutes, it’s free and it’s always a lot of fun. Register here and you will receive a confirmation email with a […]
Security Leadership
Gas prices may go down and electricity may get cheaper – but in 2009, most of us will have less money to spend and our clients will be tough on pricing and orders. For information security and compliance professionals it is the time to find, implement and enforce cost-effective security countermeasures. BUT HOW?