All Stories

Good Metrics

Note from Andrew Jaquith: this essay is adapted from Chapter 2: Defining Security Metrics of my forthcoming book, Security Metrics: Replacing Fear, Uncertainty and Doubt from Addison-...

In security, metrics, books, Oct 15, 2006

SANS, Schadenfreude and the Mac

I’ve got to wonder about what planet the SANS people live on these days. Apparently, in an effort to make their semi-annual Top 10 list of vulnerabilities appear “fair and balance...

In security, Windows, Mac, vendor-bashing, May 02, 2006

Open Letter to SC Magazine

Sent from my YG account 25 April 2006:

In security, Windows, Mac, Apr 24, 2006

Good Patch Management Metrics

Earlier today I stumbled across the NIST patch management pub; it was released in November 2005.

In security, metrics, Mar 03, 2006

Charging for Guaranteed Spam: Better Than It Sounds?

Much ink has been spilled over the recent AOL and Yahoo announcements that they will charge marketers five cents per e-mail to guarantee delivery of their mail, thus bypassing their s...

In security, spam, Feb 12, 2006

Blended Threats == Hemlock Smoothies

An open letter to all anti-virus software makers: February 2, 2006 Dear Antivirus Industry, Why are you so addicted to the term “blended threat”? It seems to mean something specia...

In security, humor, vendor-bashing, Feb 11, 2006

The Vulnerability Supply Chain

Yankee Group research may not be as well-subscribed as, say, Gartner’s, but I like to think that it compares favorably with it. Earlier this year I wrote a research note titled Fear an...

In security, metrics, Dec 07, 2005

The Natives are Restless

Many readers know that my day job is as a security technology analyst for Yankee Group. Well, it’s about that time of year where we start to wind down our research calendar. One of th...

In security, Windows, research, Nov 29, 2005

The Devil’s Information Security Dictionary

Just saw the very funny Devil’s InfoSec Dictionary on the CSO site. Of course, I had to add a few definitions of my own: Blended threat: a hemlock smoothie Process, Security Is A: a...

In security, humor, Nov 14, 2005

Making the wrong development choices

I hate to be a curmudgeon about this, but this fellow needs a beat-down: Fixing AJAX: XmlHttpRequest Considered Harmful. I offer this as exhibit A (as in AJAX) about why application secu...

In applications, security, web security, Nov 09, 2005