The most recent omnibus spending bill now includes the Cybersecurity Information Sharing Act of 2015. This bill provides broad protection to companies that share loosely defined "cybersecurity" information with government, even disallowing FOIA..
It's that time of year for my top predictions for 2016. And, let's review how well I did for 2015:
My 2016 predictions include:
It’s a big deal because many enterprise applications are vulnerable. It’s..
A widespread vulnerability in Java environments leaves thousands of businesses seriously exposed. Despite lacking a clever name — à la Heartbleed, Shellshock, and POODLE — this vulnerability is poised to allow hackers to do damage across the..
The fundamental problem is that the industry hasn’t created a thorough (and openly available) threat model that adequately considers what hackers might do. The analysis of V2V communications I’ve read focuses on safety issues — what happens under..
Many people think wires are the most secure way to send large sums of money. I’ve seen how many of these wires get processed, even wires for billions of dollars. And it’s just like most other enterprise software — lots of vulnerabilities waiting to..
This is always the tradeoff… How do we balance the risk of providing some new, cool, useful feature against the risks that the new feature creates? What makes this especially hard is that while the benefits are often immediate and concrete,..
The rush to "do something" about cyber security issues is leading both legislators and industry to a ridiculous place.
Most people's knee-jerk reaction when thinking about cyber security is that we should go after the attackers. The thinking is..
“The interesting thing about this recall is not that it’s going to be expensive and inconvenient (it will), but that it shouldn’t have had to happen. We already know the importance of auto-update. Remember those painful years of downloading..