Monday, March 31, 2008
Adobe on Linux - holes are cross platform
Saturday, March 29, 2008
If it works for children...
Friday, March 28, 2008
VMWare, the new "unbreakable"?
It was more than some attendees could bear."And the Titanic was unsinkable," Mike Poor, a senior security analyst for IntelGuardians shot back. Other attendees complained that security increasingly looked like an afterthought as VMware continued to add new bells and whistles to its Workstation and ESX Server products - many from third party companies."I wonder if those people have learned anything from the infamous "unbreakable" campain from Oracle.
JJD on Mac
Macs and the Pwn2Own contest
Tuesday, March 25, 2008
Disruptive innovation and security, some thoughts
Wednesday, March 19, 2008
You need to think like this sometimes
Thursday, March 13, 2008
ActiveX controls and security
Insider threat in a Auditors Conference
Outlook vulnerability
Friday, March 7, 2008
Cisco patch cycle
Cisco has announced its regular patch cycle, just like Microsoft. There is just a "small" difference between each company's process: Cisco is planning to release patches only twice an year.
What these people need to understand is that vulnerability management is not exactly like change management. Some people believe that long change cycles are a good sign of mature change management. Ok, it may be, but for vulnerabilities the problem is quite different. While you can have a good perception of the probability of a common error has to cause you problems, it's almost impossible to have the same number about a vulnerability. Not only that you can't have this number, it's also not under your control! That makes vulnerability patching a different kind of change, that needs to be released as soon as possible.
I'm curious about the motives behind this 6 months time; is it because the testing process for cisco products is more complex or they are just less competent than the others on producing patches?