15 Years of Software Security: Looking Back and Looking Forward

by adam on August 18, 2011

Fifteen years ago, I posted a copy of “Source Code Review Guidelines” to the web. I’d created them for a large bank, because at the time, there was no single document on writing or reviewing for security that was broadly (…)



by alex on August 16, 2011

I’ve left Verizon. A lot of folks have come up to me and asked, so I thought I’d indulge in a rather self-important blog-post and explain something: It wasn’t about Verizon, but about the opportunity I’ve taken. Wade, Chris, Hylender, (…)


Securosis goes New School

by Russell on August 10, 2011

The fine folks at Securosis are starting a blog series on “Fact-based Network Security: Metrics and the Pursuit of Prioritization”, starting in a couple of weeks. Sounds pretty New School to me! I suggest that you all check it out (…)
