Well, things have changed from almost 10 years ago, but I was taking a trip down memory lane with the new HP – ArcSight acquisition and came across this. I suppose nowadays perhaps RSA (EMC) should be buying Check Point,…
Vulnerability Management
Disclosing the Elephant in the Room of the Disclosure Debate
by Pete Lindstrom
There has been a lot of discussion lately about vulnerability disclosure, with Google and Microsoft respectively weighing in with their latest opinions on the topic. There is really nothing new here, as evidenced by the Google folks referencing a 9-year-old…
Charlie Miller’s “Teach a Man to Fish” approach to disclosure: the happy medium?
by Pete Lindstrom
Pre-eminent bugfinder Charlie Miller mentioned an interesting approach to disclosure after he compromised another Apple system – demonstrate the attack, describe how the vulnerability was found, and let the chips fall where they may. (Actually, I think his “teach a…
Vswitch isolation and segmentation – an Illusion
by Pete Lindstrom
Brad Hedlund points out a common misunderstanding in the virtualization networking world – you can segment and isolate all you want, but it is simply a logical construct. From a risk perspective, I equate this type of virtual segmentation (for…
You say you want an evolution…
by Pete Lindstrom
… well, you know, we all want to change the world. Josh Corman from ISS/IBM is ready for change. He lays out a call to action over on fudsec.com. Lots of good comments over there. Here is my contribution: I…