Starting Over

In order to define the end, we must start at the beginning. Hindsight is 20/20, eh?

Vulnerability Management Metrics

In order to manage, you must be able to measure...

Vulnerability Management Manifesto

Like all passionate people, I have a manifesto. Here it is.


Reboot

There have been events in my personal and professional life that have caused me to take a new perspective towards information security and vulnerability management.  While New Year’s Day and spring are seemingly better metaphorical times for rebirth or renewal, I am choosing to rededicate myself to this blog and the mission that I set [...]

The Battle of If and When

No, this isn’t an article about logic branching within applications, rather I was thinking recently about the epic battle between two opposing forces: If and When. To describe If and When, you have to understand their personalities, their personal history and the way they look at the world.  When looks at the world with maybe [...]

In the News: RBS WorldPay Hackers Charged

While going through my security reading lists today, I saw something that I thought I would never see: "Eight charged in $9.5m payment processor hack". This headline (Source: The Register) references the compromise of the RBS WorldPay application, and the subsequent draining of numerous accounts to the tune of 9.5 million US Dollars. In today’s [...]

In the News: Nation-State Hacking

In today’s online edition of the Wall Street Journal (WSJ) (Article: WSJ Online), I read about a report commissioned by Congress to investigate nation-state hacking against the United States and companies within our borders. We have seen reports in the news of how the government and companies that sell materials and equipment to the government [...]

In the News: Use Cryptography, Avoid Jailtime

Important note from the author on this one.  The article I read (Source: The Register) talks about a court case in Australia.  The author would like to indicate that this particular defense may likely not be observed as jurisprudence in many locations, but thought the concept was interesting nonetheless. According to The Register, a man [...]

In the News: Spyware for sale?

I read an interesting article this morning (Symantec Press Release). Basically, Symantec has seen a rise in the sale of malware disguised as antivirus or other security software. Their full report (Full Report), while wordy for the average computer user, basically confirms what people in the security industry have been saying for years: the bad [...]

Vulnerability Management Metrics

This is the first installment in a series of three articles about vulnerability management metrics.  In this first installment, we are going to try to explain VM metrics and how each individual finding rolls up into a higher level report which must be designed to confuse management and technicians alike.  At most of the user [...]

Vulnerability Management Manifesto

When I think about vulnerability management…and how the discipline/technology has evolved in the last ten years, I get passionate.  I get passionate not because I think that the technologies are not working, or that they haven’t evolved…I get passionate when I think about how we use them as information security professionals. Like all passionate people [...]