The Forrester application survey: 62% hacked through apps

Last week I indulged in a little live tweeting of a webinar my firm, Veracode, did with Chenxi Wang of Forrester, following up on our recent announcement of an independent survey in which 62% of the respondents reported being breached through at least one application vulnerability in 2008. I’ve reposted the substance of my tweets …

Grab bag: Hacking and other sensible things

Adjix has a breakthrough idea in URL shorteners (Scripting News) Interesting if retroactively obvious way to future-proof URL shortener links. (tags: twitter) Decoding the Verizon DBIR 2009 Cover Chris Eng shows how crypto is done. Finishing in the top 3 isn’t too bad and whoever dreamed up the cipher in the cover clearly had a …

Grab bag: Remarks taken out of context

Poll: Texas Republicans Approve Of Rick Perry’s Secession Remarks | TPMDC I say, if Texas wants to secede, we should let them. Provided, of course, that they allow Austin to be an independent city-state (like the Vatican), and that they pay us back all the federal tax dollars that have flowed down there year after …

Grab bag: Application security edition

Analyzing Fortify’s Plan to “Fix” the Government’s Security Problem | The Guerilla CISO Interesting perspective on the success or failure of Fortify’s pitch around government software security, or how not to do it. (tags: fortify security) Nick Coblentz: Application Security Portfolios: Part 1 Thoughts toward putting together an application security portfolio. Aimed more at a …

Grab bag: Downsizing in Redmond … and Gitmo

New Product Management Blogs (On Product Management) Two new PM focused blogs start out focused on win-loss. (tags: productmanagement) The Mac at 25 (CNET News) Jumping off point for a lot of interesting reminiscences. (tags: apple mac) Procurement Reform is Sexy, Honest (TPMDC) As a former developer on the DOD’s Standard Procurement System, I have …

Grab bag: IE security update and other fixes

Between Obama and the Press (NYTimes.com) Interesting, if a little navel-gazing, article about how the Obama relationship with the press is evolving in the transition. (tags: obama politics transition) Official Security Update for Internet Explorer Now Available (Lifehacker) Go get it. Now. Since you can’t easily uninstall IE, it’s better to be patched even if …

links for 2008-12-03

The Grid System Interesting design resource for grid based design. (tags: css webdesign typography) Anti-Debugging Series – Part I Tyler Shields begins an interesting series on practical development considerations for application security, starting with “anti-debugging”: methods used to hinder the reverse engineering of a process. (tags: security) PNG in Windows IE Lightweight JavaScript solution for transparent …

Grab bag: BSO downloads

BSO launches download service – Exhibitionist – Boston.com Brilliant new download service does classical music right: you can buy by the track, major work, or album, and it’s available as MP3s or high fidelity recordings (the latter, unfortunately, only available for PCs). The real news is that they’ll be releasing new performances, including the performance …

Grab bag: Old friends, WordPress, and more

StickySorter: A Tool for Organizing Information – Office Labs Pretty awesome tool for doing affinity maps. Look forward to trying it out. (tags: productmanagement marketing microsoft) Topspin » GRAMMY Northwest MusicTech Summit Keynote An inspiring presentation about the state of the music business. No, not for the labels: for the artists and fans. (tags: music) …

Grab bag: SMB fix at last

Microsoft Fixes 8-year Old Design Flaw in SMB The NTLM Relaying bug that Microsoft fixed yesterday has deep roots, and one of Veracode’s cofounders wrote up one of the first advisories around the issue. (tags: security microsoft) Product Manager’s Desk Reference As Twittered by the Cranky Product Manager. Supposedly useful but dry. (tags: productmanagement) Wines …

Grab bag: Why govt email on private accounts is dumb

Speculation on Palin E-mail Hack …and here’s how they could have done it. Not every hack requires the knowledge of exploiting buffer overflows and SQL injections… sometimes there’s just plain bad design at work. (tags: 2008 election palin security) John McCain Invented the BlackBerry.com From the same twisted impulse (though probably not the same people) …

links for 2008-07-10

Literature Review – Serif vs. Sans Serif Legibility (Alex Poole) The literature says there’s no measurable legibility difference. It all comes down to taste. (tags: typography) 50 State Predictive Map (Zogby International) One of a set of maps handicapping the race. (tags: 2008 election polls map) Surgery sidelines Levine (Boston Globe) More details on Levine’s …