All Stories

Passwords-O-Plenty

Before the holidays I ran a quick, three-question survey of the securitymetrics.org mailing list membership about the number of passwords people use. Here are the results, drawn from...

In security, metrics, passwords, Feb 05, 2008

Retired Comedians and Missed Opportunities

There’s this old joke about a comedians’ retirement home that goes something like this:

In security, Windows, humor, vendor-bashing, Jan 31, 2008

One Prediction for 2008: Site-Specific Browsers

I’ve noticed that sometimes it takes two or three “pings” for an idea to seep into my consciousness. I just got my second “ping” on a potentially Big Idea: site-specific browsers (SS...

In security, research, web security, Dec 31, 2007

Meta-Conclusions from the Chinese Honeynet Project

If you are involved in your firm’s desktop security strategies (Windows in particular), you should read this:

In security, bots, Dec 04, 2007

Run, Do Not Walk, To Your Browser and Read Dan Geer’s Analysis

Dan’s a friend of mine, and we are both data junkies. Right about the same time I put the capper on a research report on malware trends (coming soon to Yankee Group subscribers), Dan ...

In metrics, security, Nov 13, 2007

Web 2.0 Means “Security the Max Power Way”

Last week my Yankee Group research report “The Web 2.0 Security Train Wreck” went live on the Yankee website, and is available to our customers. Douglas Crockford, a very smart and in...

In research, security, humor, web security, Oct 17, 2007

Excuses Not To Use CVSS

I have always been a fan of the good work done by the CVSS folks. I have an obvious reason to like CVSS, of course: namely, to cheer on a former co-worker, Mike “Shifty” Schiffman, wh...

In security, metrics, Jul 25, 2007

The Futility of Geographic Security Metrics

While I would not call this a trend, I have noticed that lots of security companies like to put together impressive-looking charts, graphs and reports that purport to compare various ...

In security, metrics, vendor-bashing, Jul 19, 2007

What do Security-Conscious People Choose?

At security conferences and events, I have noticed that the distribution of operating systems seems to differ somewhat from what I read in the papers. As my last post showed, the Inte...

In security, Windows, Mac, metrics, May 22, 2007

Metrics from Internet Identity Workshop

This week, I am attending two security shows: the Internet Identity Workshop (IIW) in Mountain View, and the CardTech show in San Francisco. Both of these venues offer contrasting vie...

In security, metrics, May 15, 2007