The Open Web Application Security Project (OWASP): An online community with a virtuous goal


One of our CTOvision Pro subscribers requested we provide more context on web-based and mobile application security and referenced the good work underway by OWASP. Over the next few weeks we will be publishing more on this topic, but wanted to start with an introduction to OWASP itself. It is an open community we hold in […]

Your Enterprise has too many Cyber-ish People

Cyber has been called the ultimate team sport: CIOs, CTOs, SysAdmins, Software Developers, CISOs, threat teams, red teams, testing groups, etc., but really, should it be? It seems more like a jobs program that moves headcount from one part of the enterprise to the expensive nerdy-side. Sitting through a number of presentations at various […]

We Are Living In The Age of the Mega-Breach


Every year for 19 years, Symantec has produced an Internet Security Threat Report, capturing insights which can inform defenses. Their April 2014 report has proven to be particularly insightful, foreshadowing many of the events seen from that month to today. For example, in 2012, there were 156 major data breaches increasing to 253 in […]

Security Blunder at the World Cup


One of the simplest steps to bolstering cybersecurity is employing caution and complexity vis-à-vis passwords. Good passwords cannot be found in the dictionary; good passwords do not consist of only letters or only numbers; good passwords do not get shared with friends and family. Good passwords also do not get Tweeted. So it came as […]

Georgia Institute of Technology Wins for Innovative Crowdsourcing Disaster Relief System


Note: We believe the release below will be of high interest to technologists in the national security, law enforcement and first responder fields. From: Disaster Relief Crowdsourcing Project At SoftwareAG’s Innovation World 2014 Software AG’s University Relations department has announced the winner of the first international student idea contest for the company’s Innovation World customer […]

Overcoming the Equation: Security = Friction


Why does security have to be so onerous? Is this password secure enough: Mxyzptlk? Wait, that might be vulnerable to a comic book dictionary attack (bonus points for Superman fans), so let’s add some numbers and special characters: M4xyZ!ptL#K. Not bad, but suppose policy requires 12 or more characters; we have to pad the password: […]