It’s the holiday season, people are leaving for vacation, and most people have things other than security on their minds – including me – so I’ll keep today’s Friday Summary short.
It’s time to reflect on the successes – and failures – of the past year. For the most part 2012 has been a good year for the Securosis Team: Rich, Mike, Dave Mortman, Dave Lewis, Jamie Arlen, Gunnar Peterson, and I have all been active with research, conference presentations, webcasts, consulting projects, and engaging the community at large. We did more deep-dive research projects than we have ever done before. And more importantly, despite the huge amount of work, it remains fun. I believe everyone on the Securosis team loves working in the field of IT Security, and despite having seen the ugly underbelly of the profession, it is simply one of the most interesting and challenging fields imaginable. Our candid internal research debates are a genuine treat; and chat discussions are simultaneously illuminating, depressing, funny, and rewarding. I am really lucky to work with such a great team and have so many interesting projects to work on! Sure, I could do without the daily baths in vendor FUD, but I just can’t imagine doing anything else. Well, perhaps I can imagine running off to be a roadie for an AC/DC world tour, but then reality sets in and I come back here.
For those of you who are wondering what we will be up to in the New Year, we will publish a full research calendar in the coming weeks. We have several projects starting on endpoint security, web applications, mobile, and cloud IAM. And several of us will be presenting at conferences early next year – notably the Phoenix ISSA meeting January 8 and the Open Group conference in Newport Beach, California on the 28th of January.
This is the last Friday Summary of 2012. I would like to thank all of you who read and participate on the blog, chat with us on Twitter, and help with our Totally Transparent Research process – open public debate over content makes the research better.
Happy Holidays!
–Adrian
On to the Summary:
Adrian’s Dark Reading Post on DB Threats and Countermeasures.
Rich’s excellent TidBITS post on Apple’s Security Efforts in 2012.
Mike Rothman: Why Collect Full Content Data?
Adrian Lane: On Puppy Farm Vendors, Petco and The Remarkable Analog To Security … Nobody works a theme like Chris. I’m just wondering which part he would play in a remake of “Best In Show”?
Implementing and Managing Patch and Configuration Management.
Securing Big Data: Security Recommendations for Hadoop and NoSQL Environments.
Pragmatic WAF Management: Giving Web Apps a Fighting Chance.
Adobe hasn’t yet fixed Critical Shockwave vulnerability reported in 2010.
Delta Air Lines publishes privacy policy, but reseacher finds a fault.
Living with HTTPS. An HSTS discussion – from July apparently, but interesting.
Hosting Antagonist automatically fixes vulnerabilities in customers websites.
Securosis makes a $25 donation to Hackers for Charity. While there were no comments this holiday week, we have raised a sizable sum, which we will be donating this week. Thanks again for all your comments!