Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Category Archives: software engineering

Yet Another Case of Third-Party Breach Discovery

– On the front page of the Business Day section of The New York Times of November 1, 2014, is an article by Matthew Goldstein and Nicole Perlroth with the title “Luck Helped in Discovery of Breach at JPMorgan.” It never ceases to amaze me how few publicized data breaches are actually discovered…

Cybersecurity—Eliminating Vulnerabilities and Weaknesses at the Source: A Comparison with Malaria … and Ebola

– It has always bothered me that infosec professionals spend so much of their time chasing around after threats and vulnerabilities, many of which could have been avoided if only suitable requirements, design and hygiene had been observed at the outset. While this might seem like a simple concept,…

Heartbled and Shellshocked … What Can We Do?

– Well, it happened again. A serious security bug was found in a piece of open-source code called Bash, which is integrated into such ubiquitous software packages as Linux, Mac OS and Apache, and potentially Android. This time the bug, which is called Shellshock, has supposedly been lurking…

Cybersecurity is Failing … per Spafford

– Eugene Spafford, who is the highly-regarded executive director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University, is well known for his outspokenness. This trait again came to the fore in a June 24, 2014 article “Security Expert:…

The “Patch and Pray” Approach to Cybersecurity

– On the front page of The New York Times of August 6, 2014, Nicole Perlroth and David Gelles published an article “Russian Hackers Steal Passwords of Billion Users: Data Still Vulnerable – 420,000 Sites, Big and Small, Were Targets, Firm Says.” Usually I wait a week to two or even a month or…