All Stories

“Everything was green. Mulally thought that was odd for a company losing billions.”

I have been a fan of the Ford Motor Company ever since I was a boy. There’s no rational reason for it, but then again, experts tell us that brand preferences are formed at very early ...

In strategy, leadership, Feb 21, 2013

Bully for BlackBerry. But Is It Too Late?

Last week Research In Motion announced three things:

In mobile, Feb 15, 2013

Four Things To Like About Obama’s Executive Order on Cyber-Security... and Four to Dislike

During his State of the Union Address on Tuesday night, President Obama announced an Executive Order on Cyber-Security. The full text is available in many places, including Wired. I’d...

In security, Feb 14, 2013

Moving securitymetrics.org to Octopress

Soon, I will be moving the securitymetrics.org website to a simpler, secure and more usable system – the same platform that powers Markerbench. It should be done in time for Mini-Metr...

In security, web websites, applications, Feb 04, 2013

All Andy’s Posts Now on Markerbench

As part of a continuing experiment with static blogging, I have moved all of my historical blog posts from securitymetrics.org to Markerbench.com. Everything is now here, including th...

In blog, applications, Jan 29, 2013

Paving Over the Proprietary Web: The Java Security Bigger Picture

Perhaps you’ve heard about the recently disclosed Java 7 zero-day exploit. The flaw allows a remote attacker to take complete control of a computer. It has been incorporated into many...

In Java, Flash, ActiveX, Oracle, web security, Jan 21, 2013

Review of Gene Kim’s novel, “The Phoenix Project”

Over the Christmas holidays, I read an advance copy of Gene Kim’s first novel, “The Phoenix Project.” Gene’s co-authors were Kevin Behr and George Spafford. It was a better read than ...

In books, DevOps, Jan 17, 2013

Outsource your web risks with a static website

A few weeks ago I put together my annual Predictions blog post for the coming year. In that post and accompanying webinar, I suggested five emerging risk areas that CISOs need to pay ...

In security, web websites, applications, Jan 08, 2013

“Every time you perform arithmetic operations on ordinal numbers, God kills a kitten”

I was reading Rich Bejtlich’s blog today, and came across that quote from a commenter known only as JimmyTheGeek. Wonderfully funny, and spot on.

In humor, metrics, security, Feb 19, 2008

Passwords-O-Plenty

Before the holidays I ran a quick, three-question survey of the securitymetrics.org mailing list membership about the number of passwords people use. Here are the results, drawn from...

In security, metrics, passwords, Feb 05, 2008