All Posts

Moving securitymetrics.org to Octopress

Soon, I will be moving the securitymetrics.org website to a simpler, secure and more usable system—the same platform that powers Markerbench. It should be done in time for Mini-Metricon (March 1st, 2013).

Paving Over the Proprietary Web: The Java Security Bigger Picture

Perhaps you’ve heard about the recently disclosed Java 7 zero-day exploit. The flaw allows a remote attacker to take complete control of a computer. It has been incorporated into many exploit kits.

Outsource your web risks with a static website

A few weeks ago I put together my annual Predictions blog post for the coming year. In that post and accompanying webinar, I suggested five emerging risk areas that CISOs need to pay attention to in the coming year.

One Prediction for 2008: Site-Specific Browsers

I’ve noticed that sometimes it takes two or three “pings” for an idea to seep into my consciousness. I just got my second “ping” on a potentially Big Idea: site-specific browsers (SSBs).

Web 2.0 Means “Security the Max Power Way”

Last week my Yankee Group research report “The Web 2.0 Security Train Wreck” went live on the Yankee website, and is available to our customers. Douglas Crockford, a very smart and informed web application expert at Yahoo, whom I interviewed for the report, gave it a generally positive review. I sent him a courtesy copy, as is our practice.

Coding in Anger

Last week’s shutoff of this website’s self-registration system was something I did with deep misgivings. I’ve always been a fan of keeping the Web as open as possible. I cannot stand soul-sucking, personally invasive registration processes like the New York Times website. However, my experience with a particularly persistent Italian vandal was instructive, and it got me thinking about the relationship between accountability and identity.