Browse by Tags
I am a big fan of computer-based training – I think the potential for this is enormous, especially for organizations that are looking to train large numbers of their staff. One obvious advantage is the ability to scale easily across many employees and
Read More...
I was reading my buddy Alex Smolen's post the other day on Java Applet Security and figured I would see his post and raise it with a post on ActiveX control security. Actually, as you can probably see I have been slacking on the posting front so figured
Read More...
Again I know this is off topic but I had to share this. Thanks to my co-worker Jeremy Allen for sharing it with me. I did not have the opportunity to take any classes with this Professor while I was at CMU but I have heard of his work and what he has
Read More...
At the beginning of the year I was flying to California and the movie playing on board was The Queen featuring Helen Mirren. At a number of times during the movie the word "God" shows up – after all the anthem of the UK is God Save The Queen and the
Read More...
Much has been made about poor Miss Teen South Carolina messing up on Geography and everything else remotely academic. But honestly if Google News (with all of its Ph.Ds and Mensa members), NBC and KTUU can think Iraq is in Africa then who are we to criticize
Read More...
Having discussed the importance of security training and really its criticality – without security training most software security programs are doomed to failure – I wanted to spend a little bit of time talking about how to go about creating such a program.
Read More...
A few months ago, the software security folks at Microsoft put up a pretty insightful post on security trainings. Over the last few years I have had the opportunity to do a number of security assessments and I must agree that time and again, this fact
Read More...
I will be presenting at SD Best Practices 2007, which takes place at the Hynes Convention Center in Boston from September 18th to the 21st. I will be covering a topic close to my heart – being effective at code reviews for security. It should be fun
Read More...
The latest trend in blogging seems to be coming up with top 'N' lists of things, and not to be left out, I decided to come up with my own list. Guy Kawasaki is probably the uncontested leader in this area with his Art of Pitching for instance,
Read More...
My Virtual TechEd conversation with Mike Howard just went up on the Virtual TechEd site. Come watch a couple of software security practitioners chat about the state of the industry and where we go from here. Some of the key things we talk about include
Read More...
Today, my friends, is Patch Tuesday and like any good security professional :) I went up to Microsoft Update to get my monthly dose of patches. 9 of them installed fine; however, one just would not install despite repeated tries. Specifically this was
Read More...
Last few trips I have flown I noticed the airlines (multiple) have started using metal silverware again – so metal knives etc? Did I miss some memo about the little knife on board not being a security threat no more? :P P.S. Or did it dawn on the wise
Read More...
Thanks to JD Meier at Microsoft I have become a huge fan of mind mapping in the last few years. When JD first introduced Mark Curphey and myself to this, I have to admit I wasn't on board immediately. It was a little too "new age" for me. So I went about
Read More...
New articles I have been working on in the last few months: Logging & Auditing (last of the SoftwareMag series); Security Requirements Engineering (Paper from OWASP Europe 2007); Security Acceptance Testing (Paper from OWASP Europe 2007); Security
Read More...