Thursday, October 25, 2007
Links for 2007-10-25
Jonathan Schwartz of Sun absolutely rocks. He is going to strike back, in the form of a lawsuit, at those who believe that being free is a bad thing. Hand those folks a good beatdown.
Bet you didn't know that today's CPUs can crack passwords eight times faster than they can check passwords?
I would challenge Larry Greenemeier to understand that afraid is not the right word. For example, most enterprises understand that they are seeking analyst insight into problems they face yet end up with a list of products. Many analyst firms refuse to have enough integrity to help enterprises with their goal and filter out solutions that may be open source for questionable reasons. Sure, you can rationalize anything, but until enterprises start demanding to see open source projects next to large closed source vendors in reports, rationalization is a trap.
Could someone kidnap Richard Stiennon for giving out bad advice? Maybe what he should be calling out is that security products may not be secure or how enterprises need to procure secure software and start demanding of their vendors that they implement secure coding practices.
You can increase the security of the enterprise by focusing on perception management and getting IT executives to hide out in their offices reading over-distilled high-level information while attackers focus on the details.
I wonder if Adam Shostack has any thoughts on whether PCI is sufficient or whether software vendors need to themselves embrace secure coding.