Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: OWASP

The “Patch and Pray” Approach to Cybersecurity

– On the front page of The New York Times of August 6, 2014, Nicole Perlroth and David Gelles published an article “Russian Hackers Steal Passwords of Billion Users: Data Still Vulnerable – 420,000 Sites, Big and Small, Were Targets, Firm Says.” Usually I wait a week or two or even a month or…

CISOs Are Like Sheep to the Slaughter

– It took almost 10 years, but my claim that the role of the CISO is to take the blame when something goes awry, even if only marginally attributable to information security, has at last been substantially validated. Let’s scroll back to December 2004. I was a member of a panel of…

Where Are the AppSec Candidates?

– I recently gave a presentation at the 2013 IEEE LISAT (Long Island Science, Applications and Technology) Conference on “Mitigating the Risks of Cyber-Security Systems.” First, I pointed out the important differences in definitions of cyber-security systems … some (such as the National…

Was Citi Sleeping? Could Functional Security Testing Have Saved the Day?

– Do you remember reading over the summer about Citigroup having a security hole in an iPhone app, which stored all manner of nonpublic personal information in a file? … and that the data could then be transferred to a PC? In the Technology section of the July 27, 2010 The Wall Street Journal,…

Application Security – Where It’s At

– Some time ago, I was planning to write about my participation last year in a conference and a workshop on application security and software assurance respectively. One was the annual OWASP (Open Web Application Security Project) Conference in New York and the other was a workshop on the business…