Grab bag: Be for something, fail fast, look around

Grab bag: Apple secures, Verizon out of copper

Grab bag: Information wants to be in a river

Grab bag: Humility, utopia, and self control

The Forrester application survey: 62% hacked through apps

Last week I indulged in a little live tweeting of a webinar my firm, Veracode, did with Chenxi Wang of Forrester, following up on our recent announcement of an independent survey in which 62% of the respondents reported being breached through at least one application vulnerability in 2008.

I’ve reposted the substance of my tweets below, followed by my $0.02 on the survey:

  • (1) #Veracode & Forrester app risk mgmt survey: in 2008 62% of respondents were breached thru app vulns but don’t know their app risk.
  • (2) As Kaspersky breach shows, 3rd party code is a big blind spot for most orgs.
  • (3) open source, outsourced and off the shelf code used frequently but 59% don’t do anything to secure OSS.
  • (4) only 32% require security at all stages of sdlc.
  • (5) top training method in 37% of respondents is to learn on the job from experienced devs… who can’t be hired.
  • (6) False sense of security pervasive. 94% think they know security of app portfolio but 40% don’t know COTS risk
  • (7) ease of use plus secure plus time saving is driving factor for third party assessments.
  • (8) if you outsource code, consider outsourcing security assessments too.

Bottom line: the survey results suggest that application vulnerabilities lead to real risk for a lot of companies, but most companies don’t have secure practices that cover their development or training adequately, to say nothing of the risk from third party code.

Grab bag: Getting, and not getting, the Web

Grab bag: Blinking into the light of 2009

More intense inner torment, please

  • There’s probably a version of these markings for Mahler’s #2, because many of them look appropriate, e.g. “Langsam – Slowly; Schleppend – Slowly; Dampfer auf – Slowly; Mit Dampfer – Slowly; Allmahlich in das Hauptzeitmass ubergehen – Do not look at the conductor; Im Anfang sehr gemaechlich – In intense inner torment; Alle Betonungen sehr zart – With more intense inner torment; Getheilt (geth.) – Out of tune.”

Grab bag: Charging the pirates edition

Season over

Tonight was the last concert of the regular Symphony Hall season for the Tanglewood Festival Chorus, with our final production of Berlioz’s Te Deum. (For those keeping track at home, that’s two seasons in a row that we’ve closed out with Berlioz, though the Te Deum is a different order of magnitude–literally–from Les Troyens.)

It was a good concert. Before the performance, our Fearless Leader shared a few quick thoughts about our Friday afternoon show, saying, “And second tenors! Your entrance at the beginning had real beauty! For the very first time!” Aside from being a great example of John Oliver’s wit, the comment was also 100% correct. I am slowly realizing that with this chorus I can bring every ounce of my musicianship to every entrance, bring my voice to its limits every time, and it will almost be enough.

One thing I like about how things are going with the TFC is that I still have my voice intact after this concert run. In the past, I would have bellowed my way through a concert and blown out my pipes. There’s something nice about (a) knowing one’s limits and (b) recognizing when you are surrounded by 139 other highly gifted voices that can also help carry intensity and passion in the climactic moments.

The wonderful thing about a TFC season “ending,” of course, is that we never really are done. I’ll be at Tanglewood in July for Wagner’s Die Meistersinger and a reprise of the Brahms Requiem, and we get to start all over again just a few months later. Right now that sounds pretty good. I’m looking forward to the next run already. I haven’t sung Wagner yet.

links for 2009-05-01