All Stories


Before the holidays I ran a quick, three-question, survey of the mailing list membership about the number of passwords people use. Here are the results, drawn from...

In security, metrics, passwords, Feb 05, 2008

Retired Comedians and Missed Opportunities

There’s this old joke about a comedians’ retirement home that goes something like this:

In security, Windows, humor, vendor-bashing, Jan 31, 2008

One Prediction for 2008: Site-Specific Browsers

I’ve noticed that sometimes it takes two or three “pings” for an idea to seep into my consciousness. I just got my second “ping” on a potentially Big Idea: site-specific browsers (SS...

In security, research, web security, Dec 31, 2007

Meta-Conclusions from the Chinese Honeynet Project

If you are involved in your firm’s desktop security strategies (Windows in particular), you should read this:

In security, bots, Dec 04, 2007

Run, Do Not Walk, To Your Browser and Read Dan Geer’s Analysis

Dan’s a friend of mine, and we are both data junkies. Right about the same time I put the capper on a research report on malware trends (coming soon to Yankee Group subscribers), Dan ...

In metrics, security, Nov 13, 2007

Web 2.0 Means “Security the Max Power Way”

Last week my Yankee Group research report “The Web 2.0 Security Train Wreck” went live on the Yankee website, and is available to our customers. Douglas Crockford, a very smart and in...

In research, security, humor, web security, Oct 17, 2007

Excuses Not To Use CVSS

I have always been a fan of the good work done by the CVSS folks. I have an obvious reason to like CVSS, of course: namely, to cheer on a former co-worker, Mike “Shifty” Schiffman, wh...

In security, metrics, Jul 25, 2007

The Futility of Geographic Security Metrics

While I would not call this a trend, I have noticed that lots of security companies like to put together impressive-looking charts, graphs and reports that purport to compare various ...

In security, metrics, vendor-bashing, Jul 19, 2007

What do Security-Conscious People Choose?

At security conferences and events, I have noticed that the distribution of operating systems seems to differ somewhat from what I read in the papers. As my last post showed, the Inte...

In security, Windows, Mac, metrics, May 22, 2007

Metrics from Internet Identity Workshop

This week, I am attending two security shows: the Internet Identity Workshop (IIW) in Mountain View, and the CardTech show in San Francisco. Both of these venues offer contrasting vie...

In security, metrics, May 15, 2007