SEARCH RESULTS
 
Showing 1-10 of 98 records
 

The Economics of Finding and Fixing Vulnerabilities in Distributed Systems

2008-11-18 22:47:55 by Gunnar Peterson in 1 Raindrop
 
...findings on software security tools One of the most important developments in the software security market can be seen in the tools space which, combined, almost doubled to $150-180 million. Top of list are two major acquisitions that closed in 2007: Watchfire's purchase by IBM (somewhere in the range of $120-150 million on 2006 revenue of...
 
 
 
 
 

Security Intelligence Report v5

2008-11-03 23:29:01 by jrjones in Jeff Jones Security Blog
...Findings" document that is only 18 pages long and provides a nice summary of the findings from each section For my section, on Industry and Microsoft vulnerability disclosures, I'll be posting up some brief PowerPoint screencasts over the next few days where I'll talk through my findings while showing some pretty graphs Regards ~ Jeff
 
 
 
 
 

What should done about employees stealing in the workplace?

2008-02-21 05:25:00 by John Sexton in The Bullet Proof Blog
 
...findings termination of employee, filing criminal charges, initiating a civil suit Some time ago we were approached with an identical problem facing a local business owner. He believed one of his senior managers to be stealing materials from the warehouse and selling it to other individuals. The owner had heard stories circulating about the...
 
 
 
 
 

The First Step on the Road to More Secure Software is admitting you have a Problem

2008-02-21 14:26:00 by sdl in The Security Development Lifecycle
 
...findings, not because of the content of his findings, but because of the incredible arm-chair commentary that follows Jeff and I have seen and heard it all This is FUD Yeah, but it's not an apples to apples comparison How can you believe this guy? He works for Microsoft What would Microsoft know about security For his next trick That chart...
 
 
 
 
 

The Arizona Office of the Auditor General finds plenty of holes

2008-06-23 12:28:27 by Evan Francen in The Breach Blog
...findings and recommendations for all three of the schools. In my opinion, the report is very well-written and definitely worth your reading time Commentary I didn't provide much commentary on the Auditor General's report because it really speaks for itself. It was a good read (for a security guy anyway). Kudos to the Arizona legislature for...
 
 
 
 
 

Can you hear me now?

2008-06-27 10:56:10 by Gunnar Peterson in 1 Raindrop
 
...findings from the perspective of the swamp I spend most of my time in - Web services security. Granted it is just one report, but the data run counter to a lot of conventional security "wisdom Who is behind data breaches 73% resulted from external sources 18% were caused by insiders 39% implicated business partners 30% involved multiple...
 
 
 
 
 

You want the truth, you can't handle the truth!

2008-07-10 22:35:46 by HASH0x8beb300 in StillSecure, After All These Years
...findings on such a small sample that it is impossible to have an accurate picture Personally, like Hoff says, who watches the watchers is the truth. I would like to see a code of conduct among analysts. I would start by dictating that vendors cannot pay analysts. Take the payola out of the equation the way they did to the DJ/Radio business in...
 
 
 
 
 

You want the truth, you can't handle the truth!

2008-07-10 22:50:16 by ashimmy in StillSecure, After All These Years
...findings on such a small sample that it is impossible to have an accurate picture Personally, like Hoff says, who watches the watchers is the truth. I would like to see a code of conduct among analysts. I would start by dictating that vendors cannot pay analysts. Take the payola out of the equation the way they did to the DJ/Radio business in...
 
 
 
 
 

Security Assessments as Fraud, Waste, and Abuse

2008-07-17 21:34:14 by rybolov in The Guerilla CISO
...findings Has findings that get fed into a risk management plan (accepted, avoided, transferred, etc - think POA&M Is not exhaustive when it doesn't need to be Provides value to the project team, system owner, and Authorizing Official to make key decisions Now the problem is that the typical auditor has a hard time stopping - they have an ethical...