Friday Summary: 2012 Year End WrapBy Adrian Lane
It’s the holiday season, people are leaving for vacation, and most people have things other than security on their minds – including me – so I’ll keep today’s Friday Summary short.
It’s time to reflect on the successes – and failures – of the past year. For the most part 2012 has been a good year for the Securosis Team: Rich, Mike, Dave Mortman, Dave Lewis, Jamie Arlen, Gunnar Peterson, and I have all been active with research, conference presentations, webcasts, consulting projects, and engaging the community at large. We did more deep-dive research projects than we have ever done before. And more importantly, despite the huge amount of work, it remains fun. I believe everyone on the Securosis team loves working in the field of IT Security, and despite having seen the ugly underbelly of the profession, it is simply one of the most interesting and challenging fields imaginable. Our candid internal research debates are a genuine treat; and chat discussions are simultaneously illuminating, depressing, funny, and rewarding. I am really lucky to work with such a great team and have so many interesting projects to work on! Sure, I could do without the daily baths in vendor FUD, but I just can’t imagine doing anything else. Well, perhaps I can imagine running off to be a roadie for an AC/DC world tour, but then reality sets in and I come back here.
For those of you who are wondering what we will be up to in the New Year, we will publish a full research calendar in the coming weeks. We have several projects starting on endpoint security, web applications, mobile, and cloud IAM. And several of us will be presenting at conferences early next year – notably the Phoenix ISSA meeting January 8 and the Open Group conference in Newport Beach, California on the 28th of January.
This is the last Friday Summary of 2012. I would like to thank all of you who read and participate on the blog, chat with us on Twitter, and help with our Totally Transparent Research process – open public debate over content makes the research better.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Adrian’s Dark Reading Post on DB Threats and Countermeasures.
- Rich’s excellent TidBITS post on Apple’s Security Efforts in 2012.
- Incite 12/19/2012: Celebration.
- Friday Summary: December 13, 2012 – You, Me, and Twitter.
- The CloudSec Chicken or the DevOps Egg?
Favorite Outside Posts
- Mike Rothman: Why Collect Full Content Data?
- Adrian Lane: On Puppy Farm Vendors, Petco and The Remarkable Analog To Security … Nobody works a theme like Chris. I’m just wondering which part he would play in a remake of “Best In Show”?
Project Quant Posts
- Malware Analysis Quant: Index of Posts.
- Malware Analysis Quant: Metrics – Monitor for Reinfection.
- Malware Analysis Quant: Metrics – Remediate.
- Malware Analysis Quant: Metrics – Find Infected Devices.
- Malware Analysis Quant: Metrics – Define Rules and Search Queries.
- Malware Analysis Quant: Metrics – The Malware Profile.
- Malware Analysis Quant: Metrics – Dynamic Analysis.
Research Reports and Presentations
- Implementing and Managing Patch and Configuration Management.
- Defending Against Denial of Service (DoS) Attacks.
- Securing Big Data: Security Recommendations for Hadoop and NoSQL Environments.
- Tokenization vs. Encryption: Options for Compliance.
- Pragmatic Key Management for Data Encryption.
- The Endpoint Security Management Buyer’s Guide.
- Pragmatic WAF Management: Giving Web Apps a Fighting Chance.
- Understanding and Selecting Data Masking Solutions.
Top News and Posts
- Dell acquires Credant Technologies.
- Senator introduces bill to regulate data caps.
- Rebooting Security Engagement at Mozilla.
- Adobe hasn’t yet fixed Critical Shockwave vulnerability reported in 2010.
- Point-of-Sale Skimmers: No Charge…Yet.
- CSRF Protection for Public Functionality.
- Living with HTTPS. An HSTS discussion – from July apparently, but interesting.
- Hosting Antagonist automatically fixes vulnerabilities in customers websites.
Blog Comment of the Week
Securosis makes a $25 donation to Hackers for Charity. While there were no comments this holiday week, we have raised a sizable sum, which we will be donating this week. Thanks again for all your comments!