Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: application security

So-so SASO … So What?

September 26, 2011 – 6:00 am – A couple of days ago, I happened across Oracle CISO Mary Ann Davidson’s August 24, 2011 blog, “Those Who Can’t Do, Audit” at http://blogs.oracle.com/maryanndavidson/entry/those_who_can_t_do and began writing a column about Davidson’s blog. Then I was pointed to Veracode’s Chris…
By | Posted in CSO/CISO Perspectives, Risk Analysis, software engineering | Also tagged , , , , , , , , , , , , , | Comments (0)

Application Security and Quantum Mechanics

May 17, 2011 – 6:00 am – It’s funny how analogies pop up in the strangest of places. There is an “Annals of Science” article by Rivka Galchen in The New Yorker of May 2, 2011 about physicist David Deutsch with the title “Dream Machine: The mind-expanding world of quantum computing.” It describes the weird…
By | Posted in CSO/CISO Perspectives, software engineering | Also tagged , , , , , | Comments (0)

Nastiness at NASDAQ

March 7, 2011 – 6:00 am – Did you catch the article in the February 5, 2010 Wall Street Journal about hacker intrusions at NASDAQ? It is by Devlin Barrett and has the title “Hackers Penetrate Nasdaq Computers.” It is believed that the initial penetration of NASDAQ’s networks and systems dates back to 2010. And it…
By | Posted in CSO/CISO Perspectives, Cybercrime | Also tagged , , , , , , , , | Comments (0)

Are We Busy Doing Nothing?

January 3, 2011 – 6:00 am – You must read the hair-raising article by Greg Shipley in the October 11, 2010 issue of InformationWeek titled “Epic Fail.” The article is featured on the cover of the magazine with the words “The Wrong Protection: We’ve spent billions on security products, so why are we so ill-prepared…
By | Posted in CSO/CISO Perspectives, General, Privacy | Also tagged , , , , | Comments (0)

Old Mother Hubbard and “Building Data Collection In”

November 22, 2010 – 6:00 am – Recently I listened to the webcast of a conference on the security-related data needs of researchers and how, if companies would only share the data, which they supposedly have, the academics would be in research heaven. As I listened, I couldn’t help thinking of the English nursery rhyme…
By | Posted in General, Security Metrics, Technical | Also tagged , , , , , , | Comments (0)