The Snake Oil Days of Internet Health
In the mid-1800s, Chinese laborers working on the Transcontinental Railroad rubbed sore muscles with an ointment made from the Chinese water snake. According to a 2007 article in Scientific American, a California researcher found that...
5 Top Trends Redefining CSO Priorities
The CSO carries a heavy load, as the person responsible for overall direction of security functions associated with IT applications, communications, and computing services and security within the enterprise. Part of what makes the...
Protecting the Supply Chain - The CSO Rides Shotgun
When I was a teenager and a group of us headed to the car for some fun, someone would inevitably yell “I’ve got shotgun,” kicking off a race to the car and a round of “discussions” before seating arrangements were finally settled –...
Career Advice? One Word. Are You Listening? … Cybersecurity
Advice on what a young person should choose for a future is as old as civilization. In the United States the classic satirical take on such advice was in the 1967 movie “The Graduate”, when Dustin Hoffman playing an overwhelmed...
Scrutiny of Mozilla Security Claims
One particular vendor claims they are the "safest web browser" - but are they really? Follow this series of articles to see if the claims can stand up to close scrutiny.
Which Desktop OS Had the Most Vulns in Q1 2008?
2007, who cares? What have you done for me lately? Let's take a look at some Client/Desktop/Workstation operating systems and see which users had the most ... and the least pain from vulnerabilities and patching from January through...
Windows XP SP2 or Windows Vista - Which Did Better in 2007?
You've been hearing the stories about how people just want to stick with Windows XP SP2, but Windows Vista security is supposed to be better. Do you wonder how many vulnerabilities and patches each one had in 2007? Read on...
SQL Server : The Real Security Story
SQL Server has come a long way in the past 5 years, though the history seems to linger. Let's look at the recent history and see what the story is with database vulnerabilities.
Windows Server 2008 Launch Security Highlights
Building upon the progress made in Windows Server 2003, SQL Server 2005 and Visual Studio 2005, Microsoft today launched the new generation of each of these products.
Jesper Johansson Does Some Windows Vista Analysis
Okay, so you had some further questions after reading my Windows Vista One Year Vulnerability Analysis. So did Jesper Johansson, but he decided to do the analysis and find some answers. Read here to see what questions he asked ......
Windows Vista One Year Vulnerability Report
Having published a Windows Vista vulnerability report after 90 days and six months, I am sure it will come as no surprise to folks that I have been working on a one year analysis as well. Take a look at this post to see some...
Internet Explorer and Firefox Vulnerability Analysis Report
Internet Explorer or Firefox - Which way should you go? If I asked you which browser had the better record in terms of security vulnerabilities, I know what your guess might be, but do you know for sure? Want to find out?
On Vendor and Third-Party Severity Rating Systems - Part 1
Is that vulnerability a High Severity, Critical, Highly Critical, or Low? Or maybe it is a "minor issue". It probably depends on who you ask. In this first of a multi-part series, I look at vendor and third-party severity rating...
Benefit of Security and Privacy Collaboration
Are Security and Privacy efforts driven in different organizations at your company? Some recent research shows that there may be benefits to higher levels of collaboration between them...
Microsoft Security Intelligence Report 1H07
The third volume of the Microsoft Security Intelligence Report (SIR) is now available for download.
The 80/20 of Managing Software Risk
How would it affect your IT department's focus if you could have a product with perfect security quality, or in other words, no expectation of exposure due to a vulnerability?
Days of Risk in 2006 : Client OS Products
Who really cares about how a vendor responds for all products? Isn't the question really how they did for my product, the client I use as my workstation? Let's look at days-of-risk for that...
Days-of-risk in 2006 : Linux, Mac OS X, Solaris and Windows
A vulnerability is made public ... time passes ... a vendor issues a fix. Who did that the fastest in 2006? Are vendors getting better? Do the vendors fix High severity issues faster? Read on to find out ...
Basic Guide to Days of Risk
Days-of-risk - what is that anyway? Obviously it has something to do with being at risk, but what is it and where did it come from?
April 2007 - Operating System Vulnerability Scorecard
Over a third of the way through 2007 already ... and the security vulnerabilities just keep on coming. Who is the surprise "leader" for most vulnerabilities? Mac OS Tiger ... check out all of the details.