Sharing Research Data
by adam on January 30, 2012
I wanted to share an article from the November issue of the Public Library of Science, both because it’s interesting reading and because of what it tells us about the state of security research. The paper is “Willingness to Share (…)
Aviation Safety
by adam on January 25, 2012
The past 10 years have been the best in the country’s aviation history with 153 fatalities. That’s two deaths for every 100 million passengers on commercial flights, according to an Associated Press analysis of government accident data. The improvement is (…)
Kudos to Ponemon
by adam on January 23, 2012
In the past, we have had some decidedly critical words for the Ponemon Institute reports, such as “A critique of Ponemon Institute methodology for “churn”” or “Another critique of Ponemon’s method for estimating ‘cost of data breach’“. And to be (…)
Oracle’s 78 Patches This Quarter, Whatever…
by David Mortman on January 19, 2012
There’s been a lot of noise of late because Oracle just released their latest round of patches and there are a total of 78 of them. There’s no doubt that that is a lot of patches. But in and of (…)
Please Participate: Survey on Metrics
by alex on January 16, 2012
I got an email from my friend John Johnson who is doing a survey about metrics. If you have some time, please respond…
I am seeking feedback from others who may have experience developing and presenting security metrics to (…)
Continuous Deployment and Security
by David Mortman on January 16, 2012
From an operations and security perspective, continuous deployment is either the best idea since sliced bread or the worst idea since organic spray pancakes in a can. It’s all a matter of execution. Continuous deployment is the logical extension of (…)
Please vote New School
by adam on January 12, 2012
We’re honored to be nominated in three categories for the Security Bloggers Awards: Most Educational, Most Entertaining, Hall of Fame. On behalf of all of us who blog here, we’re honored by the nomination, and would like to ask for (…)
The New School of Software Engineering?
by adam on January 11, 2012
This is a great video about how much of software engineering runs on folk knowledge about how software is built: “Greg Wilson – What We Actually Know About Software Development, and Why We Believe It’s True” There’s a very strong (…)
New School Approaches to Passwords
by adam on January 10, 2012
Adam Montville left a comment on my post, “Paper: The Security of Password Expiration“, and I wanted to expand on his question: Passwords suck when they’re not properly cared for. We know this. Any other known form of authentication we (…)
How to Send Adam into Hysterics
by alex on January 10, 2012
Via Nathan Yau’s awesome Flowing Data blog.