Posted by Kate Munro in RESEARCH, September 25, 2007
Chenxi Wang of Forrester Research and Chris Wysopal, our founder and CTO, will discuss ways to secure applications before they are purchased and deployed in an enterprise — as a part of contract negotiations and the RFI and RFP process. More information on the seminar and instructions on how to register can be found on the Veracode site.
Posted by Chris Eng in RESEARCH, September 20, 2007
Earlier this week, I attended the first PCI Community Meeting in Toronto, a gathering organized by the PCI Security Standards Council to bring QSAs, ASVs, and other PCI stakeholders together in one room with the PCI Council. Let’s be honest here — in the security industry, discussing regulatory compliance is about as dull as it gets. On the other hand, compliance is also a major catalyst, sometimes the only catalyst, in convincing organizations to improve their security posture, so it’s important to understand. As might be expected, I focused my attention on the sessions dealing with …
Posted by Kate Munro in RESEARCH, September 17, 2007
We spend a lot of time thinking about hackers and abuse cases. This article, entitled “Who Needs Hackers” by John Schwartz of the New York Times, talks about how flawed systems, the increasing complexity of systems, and even mergers and acquisitions can make computer systems unreliable. The rush to market can lead to insufficient testing. Pressure to ship software and hardware quickly and to keep costs at a minimum works against more secure and robust systems. These are the same pressures that lead to the flaws that hackers take advantage of as well.
Posted by Chris Wysopal in RESEARCH, September 13, 2007
One of my first “real” jobs in security back in the ’90s was working as an IT security engineer for a government contractor and internet backbone provider. One of our tasks was finding people who bridged the internal network with the internet. We found one guy who had been running his own ecommerce business on our external network. He showed up on our scans because he had two network interfaces on his machine, with one connected to the external network and one connected to our internal network. …