Author Archive for Pete Lindstrom

Somebody Pinch Me

Saw this headline on the InfoSecurity News mailing list today: “Firms spend only up to 20% of their budget on IT security”. This is one of the more bizarre statements I’ve seen in a long time. It refers to one…

Top Ten Web Security Risks

Here is a list of the top ten Web security risks: Hidden Manipulation, Cookie Poisoning, Backdoor and Debug Options, Buffer Overflow, Stealth Commanding, 3rd Party Misconfiguration, Known Vulnerabilities, Parameter Tampering, Cross Site Scripting, Forceful Browsing. Looks like a pretty timely…

Confirmation Bias at work?

Evan Schuman has an intriguing blog post on the McAfee blog about whether the reduced number of data breach reports at DataLossDB.com is indicative of fewer actual data breaches. His answer is unequivocally “No.” His reasoning is as follows: Media…

What is “Lindstrom’s Razor”?

Yesterday, Andrew Jaquith from Forrester blogged about digital asset value, in response to Russell Cameron Thomas’ post on the same topic, which was in response to a Jeremiah Grossman tweet*. Andrew’s post mentioned a cost-based approach I use for valuation…

You say you want an evolution…

… well, you know, we all want to change the world. Josh Corman from ISS/IBM is ready for change. He lays out a call to action over on fudsec.com. Lots of good comments over there. Here is my contribution: I…