Take5- Five Questions for Chris Wysopal, CTO Veracode
In this first installment of Take5, I interview Chris Wysopal, the CTO of Veracode, about his new company, secure coding, vulnerability research and the recent forays into application security by IBM...
Secure Services in the Cloud (SSaaS/Web2.0) – InternetOS Service Layers
The last few days of activity involving Google and Microsoft have really catalyzed some thinking and demonstrated some very intriguing indicators as to how the delivery of applications and services is...
On-Demand SaaS Vendors Able to Secure Assets Better than Customers?
I’m a big advocate of software as a service (SaaS) — have been for years. This evangelism started for me almost 5 years ago when I became a Qualys MSSP customer listening to Philippe Courtot espouse...
Grab the Popcorn: It’s the First 2008 “Ethical Security Marketing” (Oxymoron)...
Robert Hansen (RSnake / ha.ckers.org / SecTheory) created a little challenge (pun intended) a couple of days ago titled "The Diminutive XSS worm replication contest": The diminutive XSS worm...
What a Shocker, Stiennon & I Disagree: Arbor + Ellacoya Make Total Sense…
"Common sense has nothing to do with it. When I say he’s wrong, he’s wrong." — Ethel Mertz, I Love Lucy. What a surprise, I disagree totally with Richard Stiennon on his assessment of the value...
Security Will Not End Up In the Network…
It’s not the destination, it’s the journey, stupid. You can’t go a day without reading from the peanut gallery that it is "…inevitable that network security will eventually be subsumed into the...
CloudSQL – Accessing Datastores in the Sky using SQL…
I think this is definitely a precursor of things to come and introduces some really interesting security discussions to be had regarding the portability, privacy and security of datastores...
The Classical DMZ Design Pattern: How To Kill Security In the Cloud
Every day I get asked to discuss how Cloud Computing impacts security architecture and what enterprise security teams should do when considering “Cloud.” These discussions generally lend themselves to...
Elemental: Leveraging Virtualization Technology For More Resilient &...
Yesterday saw the successful launch of Bromium at Gigamon’s Structure conference in San Francisco. I was privileged to spend some stage time with Stacey Higginbotham and Simon Crosby (co-founder, CTO,...
Why Amazon Web Services (AWS) Is the Best Thing To Happen To Security & Why I...
Many people who may only casually read my blog or peer at the timeline of my tweets may come away with the opinion that I suffer from confirmation bias when I speak about security and Cloud. That is,...