The cool thing about Mary Ann Davidson is she doesn’t mince her words; you know where she stands on every issue and she is willing to own it in the security world. So when I started hearing some buzz about…
Random
My Dream Metrics Status Report
by Pete Lindstrom • Comments Off
“Last month, our IT and information assets generated $20 million in revenue in support of 15,000 people using 350 applications. To accomplish this feat, over 32 million connections were attempted across our systems and we applied specific control measures an…
Attention InfoSec Pros: measuring risk is in your future
by Pete Lindstrom • Comments Off
Mike Rothman of Securosis stirs things up a bit with his “Risk Metrics are Crap” post. This type of exercise forces participants to make public commitments. In itself, this is not a huge deal since many positions of those in…
Nuh, uh; Yuh, huh
by Pete Lindstrom • Comments Off
(is that title the proper English spelling of two kids disagreeing? who knows…) Andrew Gelman’s enlightening blog points to a great example of how scientific research helps us get smarter. He excerpts: Three articles published [by Brett Pelham et al.] have…
Vulnerability Creation vs. Discovery vs. Fix
by Pete Lindstrom • Comments Off
Michael Janke at Last In, First Out is rightly concerned about the respective run rates of the vulnerability creation process and our ability to fix them individually. He asks the question “Are we creating new vulnerabilities faster than we are…
Verizon PCI Report: the PCI 80/20 Rule
by Pete Lindstrom • 1 Comment
Today, Verizon released its Verizon 2010 Payment Card Industry Compliance Report which I had the pleasure of working on. One of the most interesting things in my opinion is the PCI 80/20 Rule. The broad results of the report show…
Announcing: The Month of No Bugs (MONB)!
by Pete Lindstrom • Comments Off
It is with great excitement and anticipation that I announce the Month of No Bugs (MONB)! This month, I promise NOT to look for any new bugs out there, NOT to artificially elevate my bugs above all others, NOT to…
Disclosing the Elephant in the Room of the Disclosure Debate
by Pete Lindstrom • Comments Off
There has been a lot of discussion lately about vulnerability disclosure, with Google and Microsoft respectively weighing in with their latest opinions on the topic. There is really nothing new here, as evidenced by the Google folks referencing a 9-year-old…