#security on software development security and web security, security best practices and discussions, break-ins and countermeasures. Everything you ever wanted to know about software security but were afraid to ask, for fear of not understanding the answer!

management

Don’t patch it, it’s fine?

I wrote back in 2013, in my article Brainwashing in security, about my shock at discovering that companies are now publicly calling for a halt to investment in security and for not fixing security bugs. There, we witnessed the head of Adobe security, Brad Arkin, tell us that the companies should not be wasting their precious ...


Three roads to product security

I mentioned previously that there are three ways to secure a product from the point of view of a product manufacturing company. Here is a slightly more detailed explanation. This is my personal approach to classifying product security, and you do not have to stick to it, but I find it useful when creating or ...


Secure the future – have a change of mind!

The future of the enterprise can be secured provided that it is properly organized and operated with a full understanding of its economics. The current concentration on "profit here and now" is extremely harmful to the survival of the world economy as a whole and of each enterprise in particular. Why is that? There ...


Strategy towards more IT security: the road paved with misconceptions

The strategy towards more IT security in the "Internet of Things" is based a little more than entirely on misconceptions and ignorance. The policy makers simply reinforce each other's "ideas" without any awareness of where the road they follow is leading. As I listened in at the K-ITS 2014 conference, it became painfully obvious that ...


Cheap security in real life?

Security concerns are on the rise, and companies are beginning to worry about the software they use. I again received a question that deserves an answer for all the people and companies out there, because it is a situation that happens often nowadays. So here is my answer to the question, which can be formulated ...


Over-engineering

Causes of security problems are legion. One of the most pertinent problems in software development is called "over-engineering": the creation of an over-complicated design or over-complicated code not justified by the complexity of the task at hand. Often it comes as a result of the designer's desire to show off, to demonstrate knowledge of all ...


Guard your secrets

I have been meaning to write about the subject of spying and corporate information security for a while now, but only got around to it now. The article Confessions of a Corporate Spy provides an excellent background for the discussion and is absolutely worth a read. Twenty years ago corporate spying was already rampant and ...


Coverity reports on Open Source

Coverity is running a source code scan project started by the U.S. Department of Homeland Security in 2006, a Net Security article reports. They recently published their report on quality defects, pointing out some interesting facts. Coverity focuses mainly on code quality, but they also report security problems. On the other hand, any quality problem ...


Security training – does it help?

I came across the suggestion to train (nearly) everyone in the organization in security subjects. The idea is very good; we often have the problem that management has absolutely no knowledge of or interest in security and therefore ignores the subject despite the efforts of the security experts in the company. Developers, quality, documentation, product ...


Ignoring security is not a good idea…

I see that HTC has finally been whacked over the head for the lack of security in their Android smartphones. I will have to contain myself here and will leave aside the inherent issues surrounding Android, its security and its model of operation, which will hurt ... OK, OK, I'll stop now. So, HTC got dragged ...
