Security Wisdom Watch: The good, bad and in-between

Much has happened this past month: Fresh hacktivist attacks, another massive data breach, security companies on the move. Here's my snapshot of the best, worst and in-between.

Thumbs up: Veracode -- The application risk management company is adding some serious firepower to its staff: Zach Lanier, most recently with Intrepidus Group. I've known Zach a long time. He is highly talented and respected in the community, and I've learned a lot from him. Expect big things from him and Veracode.

Thumbs down: Global Payments -- The credit card processor has some explaining to do after information on up to 1.5 million card numbers was apparently "exported" as a result of an unauthorized access into its processing system. Visa and MasterCard are alerting banks across the country about the breach, which could involve more than 10 million compromised card numbers. To be fair, the breach may have happened despite a top-notch security effort on the company's part. Time will tell. For now, any breach is cause for a thumbs down.

Thumbs both ways: QSAs -- Whenever a breach like the one at Global Payments happens, one of the first questions is whether the QSAs who performed the compliance audits were rigorous enough in their investigations. As with any profession, there are no doubt good and not-quite-so-good QSAs out there. Ultimately, though, responsibility for a breach rests with the company that's hacked.

Thumbs down: "Girls Around Me" app -- Privacy advocates are raising a red flag over this app, which pulls check-in data from Foursquare to show local bars where women have checked in, then matches that with information from their Facebook profiles, including photos and dating status. They should have called this trashy product the stalker app.

Thumbs down: Declaring hacktivist groups and technology dead -- The security community and those who cover it -- myself included -- have some really macabre death watch games we like to play. We salivate over the prospect of someone declaring technologies dead: IDS, pen testing, SIEM. But all those technologies are still with us. So why declare hacktivist groups like LulzSec dead whenever they leave the limelight? As we've seen with the recent LulzSec Reborn mischief, these people never really go away.

Copyright © 2012 IDG Communications, Inc.