Disclosing Vulnerabilities In a Timely Manner
We’ve all seen buggy computer software: sometimes it’s a menu item that doesn’t work as expected, sometimes it’s a broken links, and sometimes it is a security vulnerability. Fortunately, there are far fewer of the latter than the former. Researchers and software designers have been working diligently to help ensure that software has fewer security […]
Why I Hate Security
You might think from all the posts I’ve done here and the classes I’ve taught about it that I love security. I do, sort of, and I hate it, sort of, too. I think this love-hate relationship is kind of healthy, though. So why do I hate it? Well, like most people I like closure. […]
A Presidential Executive Order for Cybersecurity: Now What?
The morning before his State of the Union Address, President Obama signed the executive order Improving Critical Infrastructure Cybersecurity. Good news — the U.S. Government is getting some needed leadership on the subject. Fearfully intoning “digital Pearl Harbor” over and over may be politically useful for congressmen, but accomplishes nothing. This order, on the other […]
How Much of Cloud Security is New and Different?
As far as cybersecurity technology goes, absolutely nothing is new or different about cloud security. Cloud security is based on precisely the same fundamental technology you should already be using in your in-house operation. The only difference is that you are turning over control, and thus visibility, of some of the operation to a cloud […]
Learning it right from the start – part 1
I took my first computer programming class in 1973. It involved making pencil marks on Hollerith cards to create statements in BASIC. That led me to take a programming class the next school year. That class was an introduction to programming in FORTRAN. I was a high school junior and while I loved the class, […]