Latest news
Managing your risks sounds rather cryptic and to many it is. It is about recognizing the value of what you have, the costs to protect it, and the risks of bad things happening. Examine the insurance industry. They manage to stay in business despite the constant onslaught of floods, hurricanes, tornadoes, earthquakes, and other disasters.
Based on your experiences, do you find proprietary software or open source software to be more secure?
Neither. The vulnerability mailing lists are filled with reports for both open source and proprietary software. The problems of poor design, unsafe coding practices, and complexity are not limited to any one philosophy of software production. The philosophy gives no information on the diligence of either the product design, coding practices, or general quality levels.
The risk or security of software is measured by the amount of peer review that software has had. An unknown piece of software is deemed suspect until proven innocent by usage. I believe that open source software has the advantage here by its community at large vetting process versus private audits that the proprietary software is limited to.
What do you think about the full disclosure of vulnerabilities?
I am in favor of it. Only by studing past failures can we mitigate future ones. Of course, this requires an environment where people may learn and apply the past lessons. I do think that the discovers of a vulnerability should notify vendors discretely before posting details. The key point should be getting the vulnerability fixed and systems patched not about giving script kiddies another exploit.
What are your plans for the future? Any exciting new projects?
I am currently enjoying the celebrity lifestyle of a security author. :) My current project is to spend time with those close to me.
Spotlight
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Is Microsoft is reading your Skype communications?
Posted on 15 May 2013. | The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.
Internet Explorer best at blocking malware
Posted on 14 May 2013. | While Chrome’s malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.
Researcher refuses to help Saudi telco to spy on people
Posted on 14 May 2013. | You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.
Malicious browser extensions are hijacking Facebook accounts
Posted on 13 May 2013. | Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
