Vulnerability Management

Cognitive Dissonance or Spite?

I happened to see a tweet the other day that said: “If you want a bug fixed quickly, sell it on the Russian black market. It’ll be so heavily abused that the vendor will patch out of cycle.” Now, it…

Liability and Secure Software

iang over at Financial Cryptography has a thought-provoking discussion of liability (ht @alexhutton) and its corresponding risks. I think I added a comment (but can’t be sure) that said this: Culture and consciousness is all a distraction and very malleable.…

Monoculture Revisited

It’s been eight years since the “great monoculture debate” hit the press with a storm. Bruce Schneier and Marcus Ranum take on the topic in their he says/she says column for searchsecurity, though it doesn’t appear that Schneier actually believes…

Vulnerability Creation vs. Discovery vs. Fix

Michael Janke at Last In, First Out is rightly concerned about the respective run rates of the vulnerability creation process and our ability to fix them individually. He asks the question “Are we creating new vulnerabilities faster than we are…