Oh no he didn’t!
http://rationalsecurity.typepad.com/blog/2007/12/breaking-news-s.html
I should be crossing the border back to the US in about 12 hours.
Reader interactions
7 Replies to “Never Bring A Knife To A Gun Fight”
Okay- just posted that this was a joke, I wasn’t hacked.
Windexh8r- I’m sure someone could hack me with enough effort, but it isn’t going to be *that* easy. I definitely practice what I preach, from system hardening at home to encrypting my laptop, to a crazy-long WPA passphrase.
The blog will probably get hacked at some point since it’s hosted and I’m limited in what I can do to protect it. I haven’t updated to the 2.3 series since it had functionality improvements but no security updates. It will be going in over the holidays though.
I find this a little funny and disturbing at the same time. The word hypocrite comes to mind with regards to practicing what you preach. In the end I think the way Chris went about this was over the top, but it needed to be done to point out the “paper certs” with regards to security professionals. Compliance and technical security are too disparate and the compliance gurus are usually horrible at implementation—case in point. I do, however, feel that Chris’ CISSP should be revoked for breaking the code of ethics. My post on his site can be found here:
http://rationalsecurity.typepad.com/blog/2007/12/breaking-news-s.html#comment-93664732
I might suggest a little more network security for home Rich. Hopefully you’re not a WRT54G dork like some of the rest of the “network security professionals” podcasting. What a joke.
I hope this means war. I love to watch/participate in practical joke wars. I just hope you can find a nice security research project for Hoff to participate in, perhaps some security related project on Phone companies and persons authorized to make changes to phone orders or cancellation?
—Tim
Hi Rich,
Big fan of your blog. I also am a fan of the tile you are using outside of your house. I am however not a fan of your car.
Wishing you a very Merry Christmas!
Rich, you realize that if this is true this is the biggest security story of the year. 🙂 You will have a long row to hoe to live this down.