Entries Tagged as 'security'
by Ramon Krikken | May 7, 2012 | Comments Off
We’ve just finished parsing 1.5K data points in a customer-facing research project on mobile applications. We spoke mostly with development team members, but also had a few architects and other functions represented (we even had a person from a marketing team in the mix). The data is very rich, and we’ve spent considerable time deriving [...]
Category: Applications Cloud Security Tags: mobile, mobile applications, rest, security, services, soa, web services
by Ramon Krikken | April 27, 2012 | Comments Off
It must be Friday, because it’s definitely FUD-filled! Hide your valuables, because the VMware ESX code leak is sure to cause IT systems to go dark around the world (and thus your alarm company’s systems too, I’m sure). OK, so enough with the hyperbole. Let’s be fair: it’s certainly possible that source code availability will [...]
Category: Cloud Security Tags: cots, hypervisor, KVM, many eyes principle, open source software, oss, security, VMware, WMware ESX, XEN
by Ramon Krikken | April 23, 2012 | Comments Off
I’m hoping you can all make it out to San Diego at the end of August this year. We’re planning to have another great Catalyst conference, featuring not only our Gartner for Technical Professionals analysts and content, but also a good number of awesome external speakers, too! Different from previous years, though, we won’t have [...]
Category: Uncategorized Tags: big data, cat12, catalyst, cloud, mobility, nexus, security, social media
by Ramon Krikken | April 19, 2012 | Comments Off
We’re always working on updating our software security / application security coverage, and the time has come to spend a few months on gathering new information for the application security program guidance document. To make it more than “here’s another general maturity model – do everything it says,” I’m looking for what makes and breaks [...]
Category: Security Tags: application security, developer training, security, security summit, security training, software security
by Ramon Krikken | September 9, 2011 | 1 Comment
The PCI SSC recently released the “Information Supplement: PCI DSS Tokenization Guidelines.” In the guidelines, the council describes various aspects of tokenization, including some desired security properties of the system and the tokens, as well as how tokenization may reduce PCI DSS scope (which is ultimately tokenization’s raison d’être). Anton Chuvakin already provides various comments [...]
Category: Security Tags: PCI-DSS, security, tokenization