Wednesday, October 12, 2005

Moves to professionalise Infosec

Was at the ISC2 Secure London conference yesterday. Interesting day, and lots of interesting info. Check out uksaint.org which is a site supported by Intellect, the trade body for the UK hi-tech industry. It is currently hosting the working group info for the move to professionalising the information security industry.

Another interesting URL mentioned was www.staysafeonline.org which could be of use to your average user.

Interesting stats - from Gartner originally

75% of attacks are at application level
70% of vulnerabilities are at application level

and

Reducing the number of application vulnerabilities by 50% should lead to a 75% reduction in costs!

Nice

Non photo realistic Quake



How cool is that?

Security from the start

Dana Epp discusses building security into code and applications. This seems absolutely obvious but you would be astonished at how many organisations do not have secure coding guidelines or even best practices. This should help any application developers.

Thursday, October 06, 2005

The end for simple vulnerability scanning?

Nessus is dropping the GPL



Could change the way a lot of security consulting firms run the basic section of a security assessment, as Nessus - even though it has its issues around false positives - has always been a staple part of the toolkit.