All Stories

Microsoft Security Intelligence Report 2H06

This is essentially a forward reference to a comment I made to another blog, but as it is related to the nature of reporting for vulnerabilities and quantitative progress against them...

In security, metrics, Windows, May 02, 2007

More Praise for “Security Metrics”

The bloggiste at Layer 8 just declared Security Metrics to be “That Good”. I have no idea who shrdlu actually is. But whoever she is, she deserves a hearty thank-you and an offer of ...

In security, metrics, books, Apr 15, 2007

Alex Hutton Likes “Security Metrics”

Alex Hutton was one of the editorial reviewers for several chapters of Security Metrics, and offered some excellent feedback during the writing stages. Now that the book has shipped, ...

In security, metrics, books, Apr 03, 2007

Introducing Security Metrics, the Cartoon

Mark Curphey’s cynical vehicle for ripping the security industry gains another blunt instrument: the Hamster Wheel of Pain, featured in Chapter One in Security Metrics: Replacing Fear...

In security, metrics, humor, Apr 01, 2007

Security Metrics Has Shipped

Greetings everybody! I am pleased to announce that my book, Security Metrics: Replacing Fear, Uncertainty and Doubt has shipped from the printers and is on its way to better bookstore...

In security, metrics, books, Mar 30, 2007

Ryan, Joe, Joanna, and the “Serious Hole” in Vista’s UAC

ZDNet’s Ryan Naraine blogs about Joanna Rutkowska’s blog post on Vista security. Joanna pointed out that Vista’s Mandatory Integrity Control feature has a few implementation flaws and...

In security, Windows, Mac, Feb 14, 2007

And So It Begins, With Small Saturated Spots

My publisher, Addison-Wesley, has recently updated the information on my book, Security Metrics: Replacing Fear, Uncertainty and Doubt on Amazon. Although I am particularly fond of th...

In security, metrics, books, visualization, Jan 10, 2007

SSL is a Concrete Sewer Pipe

My buddy Gunnar Peterson has recently been raging about the inadequacies of REST security, pointing out that RESTful folks who equate transport-level confidentiality (such as SSL prov...

In security, Jan 03, 2007

Coding in Anger

Last week’s shutoff of this website’s self-registration system was something I did with deep misgivings. I’ve always been a fan of keeping the Web as open as possible. I cannot stand ...

In security, web security, identity, Jan 01, 2007

Fortify’s Java Open Review Project: a Nascent Security Benchmarking Effort?

Today I stumbled upon Fortify’s Java Open Review Project, whose goal is to count security defects in popular Java projects. I’d like to tip my cap to Brian Chess and the folks at Forti...

In security, metrics, Dec 14, 2006