Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Category Archives: Technical

Heartbled and Shellshocked … What Can We Do?

– Well, it happened again. A serious security bug was found in a piece of open-source code called Bash, which is integrated into such ubiquitous software packages as Linux, Mac OS and Apache, and potentially Android. This time the bug, which is called Shellshock, has supposedly been lurking…

Software Assurance (SwA) and the Department of Defense (DoD)

– On December 16, 2013 the Office of the Assistant Secretary of Defense for Research and Engineering (ASD(R&E)) issued a Request for Information (RFI) with the title “Software Assurance,” which can be found on the FedBizOpps website at:…

It’s About Availability and Integrity (not so much Confidentiality)

– I have frequently contended that the more important aspects of security are availability and integrity, not confidentiality (the old C-I-A triad should be A-I-C in order of importance). That is not to say that confidentiality and privacy aren’t extremely important—they certainly are. But in…

Safe and Secure Software Systems Engineering (S4E)

– As you read this, you probably will be saying to yourself, “Why would anyone waste so much time worrying about semantics?” Good question. I began thinking the same way after struggling with definitions in this space for some time. In the end, I concluded that it might be worthwhile after all.…

Old Mother Hubbard and “Building Data Collection In”

– Recently I listened to the webcast of a conference on the security-related data needs of researchers and how, if companies would only share the data, which they supposedly have, the academics would be in research heaven. As I listened, I couldn’t help thinking of the English nursery rhyme…