Showing posts from December, 2008

2008 Year End Summary

It’s been almost a year since I started blogging. Sam Buchanan, who has been blogging since 2001, tried to get me started a couple times years ago, but I didn’t really think I had anything to write about, or maybe I thought that nobody would read what I wrote, or maybe I wouldn’t admit that I didn’t really know what a blog was, so I never started. My boss finally convinced me to start writing, and this blog is the result. I’m probably late to the party, as the trend seems to have shifted toward micro-blogs or Tweets. I’m a fan of well-written, original thoughts in the longer blog format though, so that’s what I’ve tried to present here on this blog. Here’s a short summary of the interesting posts from the first year. Security-related posts include a post on protecting yourself from your own applications. It’s a concept that we’ve used for years that, unbeknownst to me, is closely related to Biba and BLP. Hopefully I’ve recorded the essence. I also wrote some thoughts on de-provisioning as …

If it can browse the Internet, it cannot be secured

Tired of IE’s vulnerabilities?

You could switch to Firefox, but if you were honest, you’d have to admit that you still can’t declare yourself secure. Or you could try Opera, but then you’d have to manage critical patches also, though perhaps less frequently. There is nothing about Chrome or Safari that indicates that using them will make you secure. They may have fewer vulnerabilities, or it may be that fewer of their vulnerabilities have been discovered and published. You may be more vulnerable or less vulnerable by switching browsers, but you will still be vulnerable. Throw in cross-platform vulnerabilities and the combined vulnerabilities of the various third-party browser add-ons, and the menu looks pretty bleak.

Frankly, as the threats from the Internet have evolved over the last decade or so, I’ve not seen a huge difference between the security profiles of the various browsers. Some have fewer vulnerabilities, some have more; some have an easier selection of somewhat more secur…

Startups and Early Adopting Customers

Any product, no matter whose it is, will only meet a fraction of your needs. Working with early startups gives you the ability to influence a product early in its life cycle and increase that fraction. You get to nudge a product in a direction that matters to you, while the startup gets unvarnished, raw, but valuable product feedback.

In a recent post on Security for All, Joseph Webster describes the risk to innovation that startups face when transitioning to established corporations. From the point of view of a customer of startups, the transition that the startup needs to make is also interesting:

In a small startup everyone is intimately familiar with the customers, whereas large corporations have to make concerted efforts to allow a design engineer to even have marginal contact with a customer - and that’s usually second hand through either a sales or marketing initiative.[1]

As a customer, I’ve seen both ends of the spectrum. My team was one of the early customers of LogLogic b…