Evolving the Security Review and Discussion Process
“The journey of a thousand miles begins with one step.” ~ Lao Tzu “If you do what you’ve always done, you’ll get what you’ve always gotten.” ~ Anthony Robbins We’ve …
Mozilla recently had the opportunity to participate in a panel discussion regarding the economics of vulnerabilities and bug bounties at the Hack in the Box conference in Amsterdam. Out of …
I’ve posted some of my recent thinking on privacy and identity. For some time we’ve generally seen privacy treated as its own problem domain, oddly divorced from the realms of …
People want to know that they are safe when they browse the web. There are important differences between browsers when it comes to security, and so it’s no surprise to …
Security metrics are very difficult to do well, and easy to do poorly. For example, take a look at the recent Secunia “2008 Report” (http://secunia.com/gfx/Secunia2008Report.pdf). It tries to break down …
Secunia released a report this week that discusses a few aspects of the security landscape for 2007. Techworld ran a story based on this report with this headline: “Red Hat …
Jeff Jones, a director of security strategy at Microsoft, published a report today about counting bugs. I blogged a few months ago about why I think counting bugs is less …
Since all software has bugs, it’s more important to consider how long it takes to get a fix out when a security issue is discovered than it is to count …