Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Category Archives: software engineering

The “Patch and Pray” Approach to Cybersecurity

– On the front page of The New York Times of August 6, 2014, Nicole Perlroth and David Gelles published an article “Russian Hackers Steal Passwords of Billion Users: Data Still Vulnerable – 420,000 Sites, Big and Small, Were Targets, Firm Says.” Usually I wait a week to two or even a month or…

CISOs Are Like Sheep to the Slaughter

– It took almost 10 years, but my claim that the role of the CISO is to take the blame when something goes awry, even if only marginally attributable to information security, goes awry has at last been substantially validated. Let’s scroll back to December 2004. I was a member of a panel of…

Cyber Risk Bubble Babble

– Much has been written and said about the recurrence of a bubble in Internet stocks and its imminent bursting. Significant declines in some stock  prices have already taken place … as described in the article by Rolfe Winkler, Matt Jarzemsky and Evelyn Rusli, “Tech-Stock Drop Hits Startup…

Aviation Security

– The loss of the Malaysia Airlines Boeing 777 flight MH370 has raised general interest in the issue of aircraft system security in addition to the usual focus on aircraft safety. While I did spend some time on the security of avionics in my book “Engineering Safe and Secure Software Systems”…

It’s About Time … Tamper-Proofing Aircraft Systems

– It took a while after the disappearance of flight MH370 and a series of harebrained conspiracy theories … a month in fact … before the necessity to tamper-proof avionics became a topic for discussion. For example, Andy Pasztor and Jon Ostrower wrote a piece in The Wall Street Journal…