Ten year lookback: the Trustworthy Computing memo

On the Veracode blog (where I now post from time to time), we had a retrospective on the Microsoft Trustworthy Computing memo, which had its ten year anniversary on the 15th. The retrospective spanned two posts and I’m quoted in the second: On January 15, 2002, I was in business school and had just accepted …

Grab bag: Rimbaud, currency psychology, symbolic violence

Symbolic Violence Beats Lava Lamps All To Pieces Yet another reason to work at Veracode. Here, if a web developer breaks the build, they just get a rubber chicken in their cube. (tags: humor development) Arthur Rimbaud’s Brief Career : The New Yorker Interesting overview of Rimbaud; would be interesting to check out the Ashbery …

Blogaversary 10 (a little late)

True to form for this year, not only did I miss writing about my blogaversary on June 11, but I haven’t written much in almost a month. But yes, ten years ago I was a lonely intern at Microsoft, and decided to start writing online for my family, and Google. One of the nice …

Grab bag: Phone Home edition

Mobile Apps Invading Your Privacy You know that free services make their money on advertising, but what does that mean? How does one app that talks to five advertising services without explicit approval sound? (tags: security android mobile) SSL certificate authorities put us all at risk by handing out certs for “mail” “webmail” and other …

Grab bag: Ask and tell

“Don’t ask, don’t tell” no longer enforced, Dan Choi reenlists – War Room – Salon.com Civil rights history in the making. (tags: gayrights) Feds forced to admit that it’s legal to take pictures of federal buildings – Boing Boing Nice that there is occasionally some sanity. (tags: photography) Exploring the Hacker Culture (Fox25 Boston) Nicely …

Grab bag: Almost all music edition

SOMETHING ELSE!: Christian Scott – Yesterday You Said Tomorrow (2010) Good review of young trumpeter’s most recent album. (tags: jazz christianscott) Elvis Costello accelerates to 78 rpm for ‘National Ransom’ | Pop & Hiss | Los Angeles Times Heh. LPs are passé. Wonder if the 78s are shellac? (Hope not; there will be a lot …

Grab bag: Fortify acquired

HP to buy security firm Fortify | Business Tech – CNET News Delighted to see HP’s acquisition of Fortify. Veracode now stands alone in offering independent third party assessments of application binaries. HP’s acquisition validates the market while accentuating Veracode’s differentiation. (tags: hp fortify veracode) A List Apart: Articles: Good Help is Hard to Find …

Grab bag: moonscapes, zero days, fiddling

Winds howl over the deserted moonscape behind Rupert Murdoch’s UK newspaper paywalls – Boing Boing Nice bit on the unplanned network effect: why bother interviewing in a Murdoch paper since the piece will have no life online? (tags: newspapers) Deadly combo: zero day application vulnerability + OS vulnerability = attacker win Just because your application …

Doing secure development in an Agile world

My software development lead and I are doing a webinar next week on how you do secure development within the Agile software development methodology (press release). To make the discussion more interesting, we aren’t talking in theoretical terms; we’ll be talking about what my company, Veracode, actually does during its secure development lifecycle. No surprise: …

Technical skill set for product managers

We’ve been working on hiring a product manager here at Veracode, and it’s gotten me thinking about technical literacy. The one thing you don’t want in a product manager is someone who thinks he can write the code better than his/her developers. That sets up a major problem with boundaries–you want the product manager to …

Grab bag: Wacky programming tricks

SQL Injections Are the Most Common Website Vulnerability I think they forgot to open up the blog post with “Cross-site scripting, I’ma let you finish, but …” Seriously, the Veracode State of Software Security report found that XSS was more prevalent in web applications by a wide margin, both in terms of raw flaw count …