Category Archives: Technical

Software Assurance (SwA) and the Department of Defense (DoD)

– On December 16, 2013, the Office of the Assistant Secretary of Defense for Research and Engineering (ASD(R&E)) issued a Request for Information (RFI) with the title “Software Assurance,” which can be found on the FedBizOpps website at:…

It’s About Availability and Integrity (not so much Confidentiality)

– I have frequently contended that the more important aspects of security are availability and integrity, not confidentiality (the old C-I-A triad should be A-I-C in order of importance). That is not to say that confidentiality and privacy aren’t extremely important—they certainly are. But in…

Safe and Secure Software Systems Engineering (S4E)

– As you read this, you probably will be saying to yourself, “Why would anyone waste so much time worrying about semantics?” Good question. I began thinking the same way after struggling with definitions in this space for some time. In the end, I concluded that it might be worthwhile after all.…

Old Mother Hubbard and “Building Data Collection In”

– Recently I listened to the webcast of a conference on the security-related data needs of researchers and how, if companies would only share the data, which they supposedly have, the academics would be in research heaven. As I listened, I couldn’t help thinking of the English nursery rhyme…

Software Begat Hardware Begat Software Begat …

– I happened to be browsing through some magazines at a newsstand when I came across the August 2010 issue of Scientific American and noticed that they were featuring an article by John Villasenor about “The Hacker in Your Hardware.” I found the description of what the author believes to be the…