incentives

Photograph of a sign posted on a screen door, saying "Be Aware of the Word's + Action's you chose here. All is being recorded for reviewing"

Secure-by-Design has an Incentive Problem

| | CISO, Compliance, incentives, Insight IdM, secure by design, Security Architecture
In my last blog post, I argued that we don’t need more innovation invention to fix the broken state of SaaS and cloud security that Patrick Opet’s open letter was calling out ...
Talking Identity
Dave Plummer explains the CrowdStrike IT Outage - Retired Windows Developer

The CrowdStrike Outage and Market-Driven Brittleness

| | economics of security, externalities, incentives, risk assessment, Uncategorized
Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly 7,000 flights were canceled. It took down 911 systems and factories, courthouses, and ...
Schneier on Security

On Vulnerability-Adjacent Vulnerabilities

| | Exploits, incentives, patching, Uncategorized, zero-day
At the virtual Enigma Conference, Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have ...
Schneier on Security

Programmers Who Don’t Understand Security Are Poor at Security

| | incentives, programming, psychologyofsecurity, securityengineering
A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they're not going to do a very good ...
Schneier on Security