You can't secure what you don't acknowledge.℠

Friday, January 28, 2011

Take patch management out of IT's hands completely?

Here's a piece by CNET's Stephen Shankland on continuously updating software and patch management. Not sure where things will end up (we're already halfway there with this technology) but it's something that certainly couldn't hurt security.

Monday, January 24, 2011

Web application security testing: how much is enough?

How often should you test your Web sites and apps for #security flaws? Well, it depends, of course! Here's a new bit I wrote where I delve into the different variables and things you need to be thinking about:

How often should you test your web applications?

Enjoy.

My book Hacking For Dummies is now in 3 languages

I was just told by my acquisitions editor at Wiley that my book Hacking For Dummies is being made available as an Italian language publication.



English, Estonian (I know, who would've thought!?) and now Italian...cool.

Sunday, January 23, 2011

Cybersecurity schmybersecurity

Here are a couple of #cybersecurity pieces I authored for TechTarget's SearchCompliance.com regarding the proposed Rockefeller-Snowe Cybersecurity Act of 2009 (Senate Bill 773) and Lieberman-Collins-Carper Protecting Cyberspace as a National Asset Act of 2010 (Senate Bill 3480):

Why the Cybersecurity Act is better for government than business

Is the latest cybersecurity bill an Internet takeover by the fed?

You know how I am about government growth and its intrusion into the free market. By and large, that's what both of these pieces of legislation represent. As with so many other federal government regulations, I strongly believe that it'd serve to cause more problems than it fixes.

But who am I to question...the politicians know best, right?