Company Blog
BSIMM update
The BSIMM study data set has more than tripled in size and now includes data from 30 firms. We are busy working with Betsy Nichols to crunch the numbers now that we have a statistically significant data set. The plan is to announce our results at RSA. One question that comes up in the BSIMM [...]
Bubbles
I’ve lived in a bubble all of my life. My parents created a bubble to grow up in and then I wrote commercial software products. It’s only recently that I’ve stepped out of that bubble and seen just how messy the real world is. Yes, I’ve looked at bubbles from both sides now (sorry, but [...]
Cloud Risks When You Become A Service Provider
The European Network and Information Security Agency (ENISA) published their analysis of security risks from cloud computing. It’s a well thought through paper and it complements the work on cloud security guidance being written by the Cloud Security Alliance. What I like about both the ENISA report and the CSA Guidance (I’m an author of [...]
Top Ten Web Hacking Techniques of 2009
This is a guest post by Cigital consultant Romain Gaucher. Every year since 2006, Jeremiah Grossman has organized a contest to recognize the Top Ten Hacking Techniques of the year. This year, I had the privilege of being one of the security professionals asked to judge along with Rich Mogull, Dinis Cruz, Chris Hoff, HD [...]
