John Pescatore

A member of the Gartner Blog Network

Entries Categorized as 'Uncategorized'


Twelve Word Tuesday: Bug Bounty Bonanzas Bother Me

by John Pescatore  |  August 2, 2011  |  Submit a Comment

Better/cheaper to give bug-free developers huge stock options than reward vulnerability finders.

Category: Uncategorized     Tags:

How About a Big Battle Over Refusing to Increase the “Vulnerability Ceiling”?

by John Pescatore  |  August 1, 2011  |  1 Comment

Just imagine if each year, we had the software equivalent of the imaginary “debt ceiling” – the Vulnerability Ceiling. If all global CIOs didn’t vote to increase the total number of software vulnerabilities, software vendors could not sell new versions of their software until the total number was reduced below that ceiling. Of course, that would [...]

Has OWA Really Caused Any Owwies?

by John Pescatore  |  July 27, 2011  |  Submit a Comment

I’m spending a lot of time with Gartner clients as they try to address the risks of letting employees use employee-owned smartphones to access business email and business systems. We go through all the risks, but one question I always ask is “Do you support Outlook Web Access?” The answer is invariably yes. OWA has [...]

Twelve Word Tuesday: The FBI Won’t Stop Anonymous/LulzSec, But You Can

by John Pescatore  |  July 26, 2011  |  Submit a Comment

If you build it securely, they’ll come – but leave without your data.

No Insurance Policy Ever Protected a Customer, and Lots of them Don’t Even Limit Business Risk

by John Pescatore  |  July 22, 2011  |  6 Comments

Sony has publicly stated that the direct costs in 2011 in dealing with their failure to protect PlayStation Network customer data will top $170M – and that doesn’t even count what they may end up paying out in settlements and the associated legal costs. Sony, of course, had insurance and expected that would bound how [...]

What You Hold In Your Hand Can Be a Lot More Secure Than What You Open on Your Lap

by John Pescatore  |  July 21, 2011  |  1 Comment

From a security perspective, Blackberries and iPhones are light-years ahead in security compared to a Windows laptop. RIM and Apple have had the advantage of controlling both the hardware and the operating systems, where Windows grew up in a time where the mantra was the OS had to run on any commodity hardware that met [...]

Twelve Word Tuesday: You Have to Put Your Foot on the Brake to Go from Park to Drive, But Click on a URL and Boom!

by John Pescatore  |  July 19, 2011  |  Submit a Comment

Like manufacturers of explosives, software vendors really should appoint Chief Safety Officers.

The Perimeter Persists Because Infrastructure is Never Good at Protecting Infrastructure

by John Pescatore  |  July 14, 2011  |  Submit a Comment

Much the opposite of Generalissimo Francisco Franco, the perimeter is nowhere near dead. Mainly because it makes good business sense, even if it does not make for good PhD theses. Years ago the laptop was supposed to mean the perimeter was dead. Nope, we put a piece of the perimeter (firewall) on the laptop, required [...]

Still in Denial About Denial of Service?

by John Pescatore  |  July 13, 2011  |  Submit a Comment

Thirty-five years ago today I was working at my summer job at JFK airport in New York and all the lights went out – only the control towers were lit, a very eerie sight from a truck driving around the tarmac. This was the great Northeast blackout of 1977. There have been a number [...]

Twelve Word Tuesday: Adobe and Apple Need to Emulate The World’s Most Secure Graphic Display Tablet

by John Pescatore  |  July 12, 2011  |  2 Comments

Happy 51st birthday, Etch-a-sketch! No hacks, no vulnerabilities – match that, Flash, iOS!
