Drift metrics can help measure how well-managed an enterprise’s technology assets are. CISOs can mine data contained in mainstream cloud configuration tools to understand conformance or divergence from expected states.
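The excerpt above describes the idea but not the arithmetic. The following is an added example, not code from the original post, that computes a simple drift metric from a constructed inventory export: a baseline of expected control values is compared against each asset's observed configuration, and the result is summarized as the fraction of assets and of individual checks that diverge. The baseline controls, asset names and the dictionary export format are all assumptions made for illustration; a real configuration tool's export would need to be mapped into this shape first.

```python
"""Drift metrics over constructed cloud configuration snapshots (added example)."""

# Assumed expected state: control name -> value the policy requires.
BASELINE = {
    "encryption_at_rest": True,
    "public_access": False,
    "logging_enabled": True,
    "tls_min_version": "1.2",
}

# Constructed observed inventory, as a configuration tool export might be mapped.
# One asset deliberately omits a control so the "unknown" case is exercised.
OBSERVED = {
    "bucket-prod-logs":   {"encryption_at_rest": True,  "public_access": False,
                           "logging_enabled": True,  "tls_min_version": "1.2"},
    "bucket-prod-assets": {"encryption_at_rest": True,  "public_access": True,
                           "logging_enabled": True,  "tls_min_version": "1.2"},
    "bucket-dev-scratch": {"encryption_at_rest": False, "public_access": False,
                           "logging_enabled": False, "tls_min_version": "1.0"},
    "bucket-legacy":      {"encryption_at_rest": True,  "public_access": False,
                           "tls_min_version": "1.2"},   # logging_enabled not reported
}


def drifted_controls(observed, baseline):
    """Return the set of controls whose observed value differs from the baseline.

    A control that the tool did not report counts as drifted: an unknown state
    is not evidence of conformance, and silently treating it as conformant
    would inflate the metric.
    """
    return {ctl for ctl, expected in baseline.items() if observed.get(ctl) != expected}


def drift_report(inventory, baseline):
    """Summarize divergence from the expected state across an inventory.

    asset_drift_rate   - fraction of assets with at least one drifted control
    check_drift_rate   - fraction of (asset, control) checks that drifted
    control_drift_rate - per control, fraction of assets drifted on that control
    """
    per_asset = {name: drifted_controls(cfg, baseline) for name, cfg in inventory.items()}
    n_assets = len(inventory)
    n_checks = n_assets * len(baseline)
    drifted_assets = [name for name, drift in per_asset.items() if drift]
    control_rate = {
        ctl: sum(1 for drift in per_asset.values() if ctl in drift) / n_assets
        for ctl in baseline
    }
    return {
        "assets_drifted": sorted(drifted_assets),
        "asset_drift_rate": len(drifted_assets) / n_assets,
        "check_drift_rate": sum(len(d) for d in per_asset.values()) / n_checks,
        "control_drift_rate": control_rate,
        "per_asset": per_asset,
    }


if __name__ == "__main__":
    report = drift_report(OBSERVED, BASELINE)
    print(f"assets drifted: {report['asset_drift_rate']:.0%} "
          f"({', '.join(report['assets_drifted'])})")
    print(f"checks drifted: {report['check_drift_rate']:.1%}")
    for ctl, rate in sorted(report["control_drift_rate"].items(), key=lambda kv: -kv[1]):
        print(f"  {ctl:<20} {rate:.0%} of assets")
```

Two design points matter more than the arithmetic. First, a missing observation is scored as drift rather than ignored, so gaps in tool coverage show up in the number instead of hiding behind it. Second, the per-control rate is usually the more actionable view: a 75% asset drift rate sounds alarming, but the control breakdown shows whether that is one systemic misconfiguration (one control failing everywhere) or scattered one-off exceptions.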
Image copyright 2016 by Kharnagy, licensed under the Creative Commons Attribution-Share Alike 4.0 International license.
Many ardent followers of this blog know that, among other things, one of my professional hobbies is application development.
Soon, I will be moving the securitymetrics.org website to a simpler, more secure, and more usable system: the same platform that powers Markerbench. It should be done in time for Mini-Metricon (March 1st, 2013).
As part of a continuing experiment with static blogging, I have moved all of my historical blog posts from securitymetrics.org to Markerbench.com. Everything is now here, including the somewhat notorious essay Escaping the Hamster Wheel of Pain, which introduced a certain rodent-related metaphor to the security trade and served as the introduction to my book, “Security Metrics: Replacing Fear, Uncertainty and Doubt”.
A few weeks ago I put together my annual Predictions blog post for the coming year. In that post and accompanying webinar, I suggested five emerging risk areas that CISOs need to pay attention to in the coming year.
I hate to be a curmudgeon about this, but this fellow needs a beat-down:
Fixing AJAX: XmlHttpRequest Considered Harmful
I offer this as exhibit A (as in AJAX) for why application security may well be intractable, in part because we've got mainstream technical outlets teaching techniques to evade well-founded security principles.