Monday, October 06, 2008


Links for 2008-10-06

  • Dropping the iPhone NDA is good for security
    I am awaiting someone to start the movement towards open source NDAs. This feels like something James Governor of Redmonk would champion.

  • 700 Billion Dollar Information Security Bailout
    The parallels between the financial crisis the US currently finds itself in and the state of information security are uncanny...

  • Writing Secure Code
    Mark Wilcox mentions XACML, something that I am a big fan of, yet doesn't comment on whether Oracle will be teaching others how to write better code. Microsoft organizes developer days and Oracle doesn't have the equivalent. The reason why this is important is that many product managers have no clue regarding how to build XACML support into their applications. For example, have you ever heard Craig Randall talk about it being incorporated into Documentum, Jon Newton in Alfresco or Phil Gilbert in Lombardi? Even the vendors that are aware of XACML are still wrongfully stating that we customers haven't asked for it yet. I wonder if friendly neighborhood industry analysts will uncover the XACML conspiracy.

  • EMC and the CMIS standard
    Laurence Hart comments on EMC behavior and notes that Craig Randall issued a press release from his blog, which isn't much of a surprise. Laurence also notes that EMC should release an implementation. I would expand his bullets to include giving an advance copy to OWASP so that security professionals can find vulnerabilities prior to it being put into production by their customers. We know that Craig Randall is most certainly capable of creating fugly WSDL and I may be able to guide him towards something that doesn't repeat DFS mistakes.

  • Fairfield/Westchester Code Camp - Call for Speakers
    I am thinking about presenting at this event on SOA Security. Wouldn't it be cool if there were lots of OWASP-style security discussions at this event?

  • Cynthia McKinney reveals American Genocide!
    How crazy do you have to be to leave even the Democrat Party behind for wackier pastures?

  • Are you an IT Security Idiot?
    Do the vast majority of CISSPs and their lack of software development background become an impediment to making the enterprise truly secure?
