
Category Archives: Security Metrics

Are Big Data Big Enough for Information Security?

– The simple answer is … no! But how can that be? Surely if we were to assemble every scrap of available data about our systems and networks and their use, we should be able to find the veritable needles in the haystacks, given the right tools and sufficient time. This is clearly an underlying…

Driven off the Road by Security Metrics

– An article in the July 18, 2011 issue of TIME Magazine caught my eye. It was Rana Foroohar’s piece, on page 22, with the title “Driven off the Road by M.B.A.s: The rise of business schools coincided with the fall of American Industry.” The thesis presented is that the U.S. economy tanked…

Vindication for Toyota? Proving the Negative

– In my February 16, 2010 Bloginfosec column “Negative Testing Revisited – Vehicle Control Systems (Part 1),” I describe and discuss the concerns about the software controlling the brakes on Toyota regular-engine and hybrid vehicles and Ford hybrids. The supposition was that there were…

Old Mother Hubbard and “Building Data Collection In”

– Recently I listened to the webcast of a conference on the security-related data needs of researchers and how, if companies would only share the data, which they supposedly have, the academics would be in research heaven. As I listened, I couldn’t help thinking of the English nursery rhyme…

The Quest for Secure and Resilient Software

– Secure and Resilient Software Development (CRC Press, 2010) by Mark Merkow and Laksh Raghavan is a really good book. It addresses a key security area that is generally given short shrift, even though purportedly more than 70 percent of breaches result from attacks on the application layer. The…