I had a comment on my post "Early security engagement in projects - critical or a waste" providing a link to a study. It asked for my thoughts on a December 2010 Aberdeen Group study titled "Security and the Software Development Lifecycle: Secure at the Source". The study has a headline: "Top Performers Invest More Annually in Their Application Security Initiatives, but Realize a Higher Return by Identifying and Remediating More Vulnerabilities Prior to Deployment". The key conclusion is that companies practising security at the source saw "a very strong 4.0-times return on their annual investment". I was asked, so here are my thoughts:
Early security engagement - critical or waste?
An axiom of information security is that early engagement in projects and the Software Development Lifecycle (SDL) will produce more secure systems. As I quite enjoy challenging axioms, here goes.
Payments revolution in next two years?
There are some really interesting developments occurring in the world of online and off-line payments. In less than two years' time, the way we pay for things, and even whether we need to carry a wallet full of cash and plastic, could be in question. This could also have some interesting security implications.
Obama Cyber ID = bad idea
This is such a bad idea and will never work, and these are some of the reasons: