Security Wisdom Watch: Dropping Names, For Better or Worse
CSO Senior Editor Bill Brenner looks at people, events and organizations making an impact on security for better or worse.
By Bill Brenner, Senior Editor
December 08, 2009 — CSO —
The following is a monthly feature in the print version of CSO. This installment covers the Security Wisdom Watch columns from the most recent print editions.
Thumbs up: OWASP. The Open Web Application Security Project has been pushing aggressively to do something about the sloppy state of app security. One key goal is to get app writers to make security a central part of the development process. CSO magazine witnessed one such effort last month -- the AppSec D.C. conference in Washington, where attendees were treated to a wealth of workshops, presentations and fresh data on the latest security threats. Awareness is key in this fight, and OWASP remains a leader in this regard.
Thumbs up: Josh Corman. The 451 Group analyst ticks off a lot of QSA types when he compares antivirus tools and firewalls to wooden shields and swords and calls PCI DSS a devil. But somebody has to challenge the conventional wisdom and make companies rethink their security programs, and he does it well.
Thumbs down: Federal data security legislation. Given all the cries for one simplified cybersecurity law that trumps all the state laws, there sure are a lot of misgivings about the notion of Washington enforcing security compliance. One would think Washington has a real problem enforcing the standards it sets.
Thumbs down: Smart phones in the courtroom. Jurors using their iPhones to tweet details of the cases they're hearing to friends, family and colleagues? It's happening at a disturbing rate. Court officers: Tell jurors to hand over their phones before taking their seat on the panel.
Thumbs both ways: Arnold Schwarzenegger. The Governator was criticized after he vetoed an update to California's landmark data-breach notification law, saying the new bill would be too hard on businesses without adequately benefiting consumers. Some businesses would argue he's right.
Thumbs down: Jason Miller, security and data team manager for patch management vendor Shavlik Technologies. Sure, Microsoft's October Patch Tuesday update was the largest ever. But Miller helped nobody by throwing around such FUD-laced descriptions as "administrative nightmare."
Thumbs up: Dow Chemical Company. The company deserves credit for its Transportation Community Awareness and Emergency Response leadership. The national outreach effort brings chemical and transportation industry experts into local communities to provide free transportation and chemical safety training to emergency personnel.
Thumbs down: We the People. Our addiction to social networking sites like Facebook and Twitter is causing us to willingly abdicate our privacy rights. We have met the enemy, and it is us.
Thumbs up: Adobe. Because the company blatantly copied Microsoft's patch release process, users may actually have an easier time improving their app security from now on.