Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: application security

Missed by NIST

– NIST (The National Institute of Standards and Technology) issued for comments a “Discussion Draft of the Preliminary Cybersecurity Framework” on August 28, 2013, available at www.nist.gov/itl/cyberframework.cfm The draft document is the result of the Presidential Executive Order (EO) on…

Where Are the AppSec Candidates?

– I recently gave a presentation at the 2013 IEEE LISAT (Long Island Science, Applications and Technology) Conference on “Mitigating the Risks of Cyber-Security Systems.” First, I pointed out the important differences in definitions of cyber-security systems … some (such as the National…

The (Sorry) State of Application Security

– In January 2011, research firm Forrester Consulting published a report, which was commissioned by Microsoft, with the title “State of Application Security: Immature Practices Fuel Inefficiencies, But Positive ROI Is Attainable.” The report is available for download at…

So-so SASO … So What?

– A couple of days ago, I happened across Oracle CISO Mary Ann Davidson’s August 24, 2011 blog, “Those Who Can’t Do, Audit” at http://blogs.oracle.com/maryanndavidson/entry/those_who_can_t_do and began writing a column about Davidson’s blog. Then I was pointed to Veracode’s Chris…

Application Security and Quantum Mechanics

– It’s funny how analogies pop up in the strangest of places. There is an “Annals of Science” article by Rivka Galchen in The New Yorker of May 2, 2011 about physicist David Deutsch with the title “Dream Machine: The mind-expanding world of quantum computing.” It describes the weird…