All Posts

“Every time you perform arithmetic operations on ordinal numbers, God kills a kitten”

I was reading Rich Bejtlich’s blog today, and came across that quote from a commenter known only as JimmyTheGeek. Wonderfully funny, and spot on.

Retired Comedians and Missed Opportunities

There’s this old joke about a comedians’ retirement home that goes something like this:

An aging comedian decides to retire to a community that has just other comedians living in it. On his first day there, he goes down to lunch, and there’s a bunch of retired fellow comics sitting around the table.

Web 2.0 Means “Security the Max Power Way”

Last week my Yankee Group research report “The Web 2.0 Security Train Wreck” went live on the Yankee website, and is available to our customers. Douglas Crockford, a very smart and informed web application expert at Yahoo, who I interviewed for the report, gave it a generally positive review. I sent him a courtesy copy, as is our practice.

Introducing Security Metrics, the Cartoon

Mark Curphey’s cynical vehicle for ripping the security industry gains another blunt instrument: the Hamster Wheel of Pain, featured in Chapter One in Security Metrics: Replacing Fear, Uncertainty and Doubt.

Blended Threats == Hemlock Smoothies

An open letter to all anti-virus software makers:

February 2, 2006

Dear Antivirus Industry,

Why are you so addicted to the term “blended threat”? It seems to mean something special to you… but it means nothing to anybody else.

The Devil’s Information Security Dictionary

Just saw the very funny Devil’s InfoSec Dictionary on the CSO site. Of course, I had to add a few definitions of my own:

Blended threat: a hemlock smoothie

Process, Security Is A: a throw-away line that explains why security measurement is impossible

Risk management: a repeated process around the Hamster Wheel of Pain that vendors use to enumerate vulnerabilities you didn’t know you had, followed by serial remediation of same.