Resources for application security education

As I’ve been getting myself up to speed in learning about application security, a few resources have been extremely helpful. A good general background on application security issues, unsurprisingly, is contained in The Art of Software Security Testing, co-authored by Veracode cofounder Chris Wysopal. The book goes beyond the basic description of classes of application …

links for 2008-06-13

Font Bureau Fonts | ITC Franklin Nice new revision of Franklin Gothic. No pricing as yet. I like the way the compressed medium weight looks. (tags: typography) Verizon Time Warner Cable and Sprint To Block Usenet – Webmonkey I guess there’s no mourning Usenet. This is a really sad day. (tags: internet usenet) Chief Judge …

The intersection of ITIL v.3 and application security

I’m at the Gartner IT Security Summit today and tomorrow (alas, I missed Bruce Sterling on the panel yesterday), and have been splitting my time between the show floor and a few of the sessions. I attended a few sessions on application security testing and on ITIL v.3 this afternoon that sparked a few …

Ripples from SOURCE: Boston: how much security is optimal?

I wasn’t able to attend this week’s SOURCE: Boston conference, which my company is cosponsoring, but reading about some of the talks and looking at some of the papers that are coming out of it has been fascinating. A few points: If you think protecting digital systems is hard, what about analog systems like the …

The application is the perimeter

An interesting trio of articles hit yesterday. One is a summary of industry response to the announcement that President Bush intends to fund a massive network security initiative. The money quote is from Veracode’s co-founder and CTO, Chris Wysopal, who compares the initiative to “posting police on every corner in a dangerous neighborhood, but failing …

If Agile is about conversations, who’s listening?

The other category I planned to start almost two weeks ago was this one—it’s high time that I started writing more systematically about product management. And what better place to start than with the latest craze, agile software development? As Steve Johnson at the Product Management blog at Pragmatic Marketing is fond of pointing out, …