Browse by Tags
All Tags »
Rant (RSS)
I spoke with Kim Cameron a few days ago about Google's single sign-on (SSO) design bug . I wanted his take on the bug because he's one of the best in the area of identity, single sign-on etc etc... his response can only be described as scathing.
Read More...
I just wrote an article over on the SDL blog about my observations from the industry to Jeff Jones' vulnerability analysis and the lack of security progress by our competitors.
Read More...
I really got a chuckle out of this news item , especially this line: “Coverity, which creates automated source-code analysis tools, announced late Monday its first list of open-source projects that have been certified as free of security defects.” So
Read More...
My colleague, Eric Bidstrup, has posted a thought provoking commentary about the Common Criteria. I think it's fair to say Eric is simply voicing what a great many people think about the (lack of) value of CC.
Read More...
Jeff has a post about the recent CRN and Ars Technica articles comparing XPSP2 and Vista security. One thing I love about Jeff is he's blunt. Damned blunt.
Read More...
David Ladd, a partner in crime, has just made a post on the SDL blog about Security Education. He starts: "There has been a lot of hoopla lately around "secure programming skills" – with not-so-thinly veiled condemnations of academicians and the role
Read More...
I love looking at and analyzing security bugs, but I also enjoy observing how people react to knowledge of security bugs. Over the last few weeks, I’ve seen a number of interesting articles about Windows Vista security that made me smile. So I thought
Read More...
Howdy once again from RSA. It's raining. So much for sunny California! Jeff and I just gave our talk about Windows Vista Security Engineering. It was a packed room. In fact, when we got to the room we saw a bunch of people milling around outside. We went
Read More...
I’ve been asked this question numerous times, often in the guise of a question like, “why can’t you guys simply fix the security problem?” or “reliability and scalability problems are understood and solvable, why can’t you do the same with security?”
Read More...
Jeff has an uncanny ability to dig into details that most folks gloss over: Exposed? : Examining Secunia Unpatched Warnings - Part 3 I have to concur with Kai: People like this just frost me: Security considered a burden for users
Read More...
Over the last couple of days, many people have asked for my take on the fact that Visual Studio 2005 SP1 requires admin privileges to run on Windows Vista, and pops up a dialog saying so when it starts up. So, here’s my take, and I don't work for the
Read More...
From "Making Windows XP Start Faster" at http://www.pcmag.com/article2/0,1759,1768883,00.asp Two of the services listed under "Stopping Unneeded Startup Services" Automatic Updates: This service enables Windows XP to check the Web automatically for updates.
Read More...
