Spire Security Viewpoint

Spire Security Viewpoint

Risk and Cybersecurity Analysis

Main menu

  • Security Economics
  • Metrics
  • Four Disciplines
    • Identity Management
    • Vulnerability Management
    • Threat Management
    • Trust Management
  • AMP Firehose
  • Research
  • About

Sub menu

Categories

  • AMP Firehose (7)
  • Economics and Risk (38)
  • Highlights (373)
  • Identity Management (104)
  • Incidents (36)
  • Metrics (86)
  • Quotes (2)
  • Random (33)
  • Threat Management (128)
  • Trust Management (16)
  • Vulnerability Management (210)

Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org

Archives

Economics and Risk, Highlights, Random, Vulnerability Management

Disclosing the Elephant in the Room of the Disclosure Debate

by Pete Lindstrom • July 23, 2010

There has been a lot of discussion lately about vulnerability disclosure, with Google and Microsoft respectively weighing in with their latest opinions on the topic. There is really nothing new here, as evidenced by the Google folks referencing a 9-year-old…

Read more →

Economics and Risk, Highlights, Metrics, Random

There is no such thing as *Real* Value

by Pete Lindstrom • May 26, 2010

Rich Mogull has started a fire on his Securosis blog addressing questions of value and loss. I would like to provide some feedback. Most importantly, I would like to address this point: “I consider that an implied or assumed value,…

Read more →

Economics and Risk, Highlights, Random, Vulnerability Management

Charlie Miller’s “Teach a Man to Fish” approach to disclosure: the happy medium?

by Pete Lindstrom • April 29, 2010

Pre-eminent bugfinder Charlie Miller mentioned an interesting approach to disclosure after he compromised another Apple system – demonstrate the attack, describe how the vulnerability was found, and let the chips fall where they may. (Actually, I think his “teach a…

Read more →

Economics and Risk, Highlights

Can you have “more secure software” and still have greater risk?

by Pete Lindstrom • April 27, 2010

Answer: Yes. Here’s how: The software element of the risk equation only accounts for vulnerabilities, it doesn’t address threat. So we can reduce our vulnerability level and therefore have “more secure software” in the midst of increased risk. This manifests…

Read more →

Economics and Risk, Highlights, Metrics, Random

Rudeness, risk and vulnerability disclosure

by Pete Lindstrom • April 26, 2010

Robert Graham at Errata Security has yet another thoughtful post – this one on the “rudeness” of vulnerability disclosure. His key point: “However, vuln disclosure isn’t friendly. It is an inherently rude act.” It is an interesting post, primarily focused…

Read more →

Highlights, Vulnerability Management

Vswitch isolation and segmentation – an Illusion

by Pete Lindstrom • March 26, 2010

Brad Hedlund points out a common misunderstanding in the virtualization networking world – you can segment and isolate all you want, but it is simply a logical construct. From a risk perspective, I equate this type of virtual segmentation (for…

Read more →

Page 8 of 142
« 1 … 6 7 8 9 10 … 142 »

Search This Site

Copyright © 2024 Spire Security Viewpoint. All Rights Reserved. Magazine Basic created by c.bavota.