John Pescatore

A member of the Gartner Blog Network

Archives for August, 2011


Web Sites: Perennially Squishy, Time to Shield and Crunchify

by John Pescatore  |  August 9, 2011

Web-site vulnerabilities: hacker’s low-hanging fruit – don’t leave a ladder against the tree.


The Durability of the DMZ

by John Pescatore  |  August 5, 2011

I’ve done a lot of calls this year with Gartner clients reviewing and updating their DMZ designs. As I pointed out here, not a lot of “de-perimeterization” going on – and for the usual good reasons. Most of the redesigns are adjustments for dealing with virtualization in the data center or in changing patterns of [...]


Cloud Security and Septic Systems

by John Pescatore  |  August 4, 2011

I grew up in Long Island, New York and pretty much took it for granted that when you flushed the toilet, the waste products went down a pipe out the front of your house to a bigger pipe where professionals handled it all from there. When I moved to Maryland and bought a house, I [...]


Turning Penetration Testing Inside Out

by John Pescatore  |  August 3, 2011

Back in the late 1990s and early 2000s, penetration testing got a bad name. Mostly because there were a lot of small security consulting firms sprouting up and offering penetration tests for $500 or less, and these pen tests weren’t all that much different than what more established firms had been charging tens of thousands of [...]


Twelve Word Tuesday: Bug Bounty Bonanzas Bother Me

by John Pescatore  |  August 2, 2011

Better/cheaper to give bug-free developers huge stock options than reward vulnerability finders.


How About a Big Battle Over Refusing to Increase the “Vulnerability Ceiling”?

by John Pescatore  |  August 1, 2011

Just imagine if each year, we had the software equivalent of the imaginary “debt ceiling” – the Vulnerability Ceiling. If all global CIOs didn’t vote to increase the total number of software vulnerabilities, software vendors could not sell new versions of their software until the total number was reduced below that ceiling. Of course, that would [...]
