Category Archives: Technical

Old Mother Hubbard and “Building Data Collection In”

– Recently I listened to the webcast of a conference on the security-related data needs of researchers and how, if companies would only share the data, which they supposedly have, the academics would be in research heaven. As I listened, I couldn’t help thinking of the English nursery rhyme…

Software Begat Hardware Begat Software Begat …

– I happened to be browsing through some magazines at a newsstand when I came across the August 2010 issue of Scientific American and noticed that they were featuring an article by John Villasenor about “The Hacker in Your Hardware.” I found the description of what the author believes to be the…

The Infosec Game Has Changed – 154 Dead!

– It may not be the first instance, but it is probably the incident that will change the game on software security assurance going forward. An August 20, 2010 msnbc.com article, “Malware implicated in fatal Spanair plane crash: Computer monitoring system was infected with Trojan horse, authorities…

The Quest for Secure and Resilient Software

– Secure and Resilient Software Development (CRC Press, 2010) by Mark Merkow and Laksh Raghavan is a really good book. It addresses a key security area that is generally given short shrift, even though purportedly more than 70 percent of breaches result from attacks on the application layer. The…

Negative Testing Revisited – Vehicle Control Systems (Part 2)

– If I were to attribute the current issues with automobile systems to a specific cause, I would say that car and truck manufacturers have been affected by a major transition from mechanical engineering to software and systems engineering. However, it does not appear that they have changed their…