Link to the Show / Show NotesRecently an Internet security newsletter article caught my attention. It's by David Utter, who is a business and technology writer for SecurityProNews. He listed the Top 10 security risks for 2007 that were published by the McAfee.com folks from their Avert Labs data.
I thought I'd ask Deb Radcliff to comment on this because she is an award-winning investigative writer and speaker on information security. She's spent the last 13 years writing about what can go wrong with software and firmware applications. What is it with software and hardware manufacturers on security? Seems they have created a never-ending cycle here. Ever wonder why devices aren't more secure before they are shipped?
Deb recently joined forces with Mark Kadrich and Rodney Thayer to start a closed-loop security process testing company, the SecurityConsortium.net, in San Jose, Calif. They will conduct stress tests on new applications and publish their findings. Rodney heads up testing, where he'll put applications under real-world pressures and report how they act.
Rodney sat on many historic IETF standards working groups, including IPsec, PGP and x.509 digital certificates. He is a member of several security testing and research groups, including Network World's Test Alliance, and the Schmoo Group ( www.schmoo.com).
Deb invited Rodney to this podcast to chime in on how testing of new applications in real network conditions is critical to protecting enterprises proactively, as compared to today's typical reactive measures that rely on knowing or accurately predicting where the vulnerabilities are and what an attacker's going to do.
ok .. so let's get rolling on this list of the Top 10 security threats for 2007
RSS Feed