Sharing Research Data

by adam on January 30, 2012

I wanted to share an article from the November issue of the Public Library of Science, both because it’s interesting reading and because of what it tells us about the state of security research. The paper is “Willingness to Share (…)

Aviation Safety

by adam on January 25, 2012

The past 10 years have been the best in the country’s aviation history with 153 fatalities. That’s two deaths for every 100 million passengers on commercial flights, according to an Associated Press analysis of government accident data. The improvement is (…)

Kudos to Ponemon

by adam on January 23, 2012

In the past, we have had some decidedly critical words for the Ponemon Institute reports, such as “A critique of Ponemon Institute methodology for “churn”” or “Another critique of Ponemon’s method for estimating ‘cost of data breach’”. And to be (…)

Oracle’s 78 Patches This Quarter, Whatever…

by David Mortman on January 19, 2012

There’s been a lot of noise of late because Oracle just released their latest round of patches and there are a total of 78 of them. There’s no doubt that that is a lot of patches. But in and of (…)

Please Participate: Survey on Metrics

by alex on January 16, 2012

I got an email from my friend John Johnson who is doing a survey about metrics. If you have some time, please respond…

I am seeking feedback from others who may have experience developing and presenting security metrics to (…)

Continuous Deployment and Security

by David Mortman on January 16, 2012

From an operations and security perspective, continuous deployment is either the best idea since sliced bread or the worst idea since organic spray pancakes in a can. It’s all a matter of execution. Continuous deployment is the logical extension of (…)

Please vote New School

by adam on January 12, 2012

We’re honored to be nominated in three categories for the Security Bloggers Awards: Most Educational, Most Entertaining, Hall of Fame. On behalf of all of us who blog here, we’re honored by the nomination, and would like to ask for (…)

The New School of Software Engineering?

by adam on January 11, 2012

This is a great video about how much of software engineering runs on folk knowledge about how software is built: “Greg Wilson – What We Actually Know About Software Development, and Why We Believe It’s True” There’s a very strong (…)

New School Approaches to Passwords

by adam on January 10, 2012

Adam Montville left a comment on my post, “Paper: The Security of Password Expiration”, and I wanted to expand on his question: Passwords suck when they’re not properly cared for. We know this. Any other known form of authentication we (…)

How to Send Adam into Hysterics

by alex on January 10, 2012

Via Nathan Yau’s awesome Flowing Data blog.