Quick note: Don’t forget to RSVP to the RSA Disaster Recovery Breakfast, and sign up for the Inaugural Cloud Security Alliance training class we are building & running.

I had one of those awesome, weird, enlightening experiences today… and it’s actually relevant to technology and security. Probably.

The thing that initially got me hooked on blogging was how it enabled a persistent community discussion. We could all debate issues out in the open, asynchronously (since some of us spend a lot of time trapped on planes), and everything becomes part of the public record. It was like the internal peer review process we had at Gartner (which is far better than most outsiders realize) burst open and spewed all over the Internet.

Sure, some blogs really sucked, and there was no shortage of trolls, but it’s how I got to meet people like Rothman, Hoff, Martin McKeay, and many many others. It also led directly to how we handle review and our Totally Transparent Research process.

But over the past year we have noticed a serious decline in blogging in general and comments on our site specifically. It’s actually a lot harder to come up with all these Summary links, because the initial idea was to share link love, but we mostly refer to the same people or link to news stories. This isn’t unique to us – a lot of our blogging friends have mentioned it (the few who blog).

We all know Twitter is the culprit. I love Twitter, but it makes me sad that we lose the asynchronous conversations and persistence (come on, no one really reads old Tweets). Even when I’m sitting at my desk I can’t keep up with everyone I want to follow.

Earlier today I tweeted that I needed some review on a couple incident response posts I’m working on. This was for a series we have been working on for a couple months.

What did I learn? We have very few comments on the posts, but I got a ton of response over Twitter and some amazing feedback via email.

Maybe I’m old, but although I still prefer having these discussions through the blog, I realize it’s time to start moving them more to Twitter. The problem will be finding the delicate balance between getting valuable feedback and contributing back to the community without ‘abusing’ the medium. We pump out way too much content for me to toss everything out to Twitter… and I’m not even comfortable tweeting links to all my posts. Any suggestions appreciated.

On to the Summary:

Webcasts, Podcasts, Outside Writing, and Conferences

Favorite Securosis Posts

  • Adrian Lane: The Appearance Myth. This is so spot on. I stopped carrying Star Wars paperbacks in my back pocket and brushed my hair – suddenly nobody believed I was a UNIX Admin. Got my first CTO job and started wearing a collared shirt, and suddenly I must not understand the abstract factory design-pattern or IPC. Wear the wrong garb and you are shunned.
  • Mike Rothman: APT Defeated by Marketure. And here I thought Oswald killed the APT.
  • Rich: Mogull’s Law. Yet another old post, but I picked this one because for some reason when I Google my name (for news alerts) this is the top link. Can’t argue with Google.

Other Securosis Posts

Favorite Outside Posts

Research Reports and Presentations

Top News and Posts

Blog Comment of the Week

Remember, for every comment selected, Securosis makes a $25 donation to Hackers for Charity. This week’s best comment goes to shrdlu, in response to Funding Security and Playing God:

Your experience has shown you that finding a bug THAT YOU INTEND TO FIX is cheaper to fix early on. That’s great. But fixing is a choice, based on risk assessment. Businesses make that choice every day. And we’re not providing good arguments for them to choose something when we use circular logic to tell them they should fix it simply because we found it, and that finding it makes it certain to be a problem that will affect them.