More off-the-cuff ramblings while reading Microsoft’s Security Intelligence Report: will I actually get through this report? life intervenes… page 68: interesting data on parent and child malware… but I don’t know what to do with it. page 71: “An infected…
Author Archive for Pete Lindstrom
Somebody Pinch Me
by Pete Lindstrom • • Comments Off
Saw this headline on the InfoSecurity News mailing list today: “Firms spend only up to 20% of their budget on IT security“ This is one of the more bizarre statements I’ve seen in a long time. It refers to one…
Top Ten Web Security Risks
by Pete Lindstrom • • Comments Off
Here is a list of the top ten Web security risks: Hidden Manipulation Cookie Poisoning Backdoor and Debug Options Buffer Overflow Stealth Commanding 3rd Party Misconfiguration Known Vulnerabilities Parameter Tampering Cross Site Scripting Forceful Browsing Looks like a pretty timely…
Confirmation Bias at work?
by Pete Lindstrom • • 2 Comments
Evan Schuman has an intriguing blog post on the McAfee blog about whether the reduced number of data breach reports at DataLossDB.com are indicative of fewer actual data breaches. His answer is unequivocally “No.” His reasoning is as follows: Media…
Ramblings while reading Microsoft’s Security Intelligence Report
by Pete Lindstrom • • 1 Comment
I just downloaded Microsoft’s Security Intelligence Report. Given my predisposition toward good stats, I am looking forward to reading it. Herewith is a running chronology of my thoughts as I read it: opening pages – 25 authors! even more contributors!…
Lindstrom’s Razor is not about security spending
by Pete Lindstrom • • 2 Comments
After a few conversations, and having seen (part of) Russell Cameron Thomas’ post on the topic, I am beginning to realize that people are making a common mistake about Lindstrom’s Razor, which states: The digital assets in question must be…
What is “Lindstrom’s Razor”?
by Pete Lindstrom • • 1 Comment
Yesterday, Andrew Jaquith from Forrester blogged about digital asset value, in response to Russell Cameron Thomas’ post on the same topic, which was in response to a Jeremiah Grossman tweet*. Andrew’s post mentioned a cost-based approach I use for valuation…
You say you want an evolution…
by Pete Lindstrom • • Comments Off
… well, you know, we all want to change the world. Josh Corman from ISS/IBM is ready for change. He lays out a call to action over on fudsec.com. Lots of good comments over there. Here is my contribution: I…