This morning, we released the latest version of the Microsoft Security Intelligence Report (SIRv6), examining industry-wide software vulnerability disclosures, Microsoft vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. I am one of the primary contributors to the SIRs, so naturally I think you should download it immediately and read it cover to cover ;-) However, I understand that some of you may not wish to read a 150 page technical analysis...

The RSA Conference team has done an excellent job of making videos available this year for those that could not attend the conference live. Plus, like watching your American Idol on your DVR, you can easily skip past the parts you find boring and just focus on the exciting stuff. RSA Conference 2009 kicked off with a video honoring Edgar Allen Poe and tying Poe to cryptography, which led into an awesome dual violin performance that I thoroughly enjoyed ( do not skip the opening ceremony video!) The...

RSA Conference 2009 Webcasts – Day 4 Keynotes (Friday) There is only a relatively small group of people that stay all the way to the end of the RSA Conference to see the final Friday keynotes, but they were worth the wait. I can honestly say the two afternoon keynote sessions were my favorite ones of the whole week. Why? How about this? Dr. Hugh Thompson (of People Security and the Hugh Thompson Show ) and firewall legend Bill Cheswick do a rap video… sing it with me now “…There were patches...

RSA Conference 2009 Webcasts – Day 4 Keynotes (Friday) There is only a relatively small group of people that stay all the way to the end of the RSA Conference to see the final Friday keynotes, but they were worth the wait.   I can honestly say the two afternoon keynote sessions were my favorite ones of the whole week.  See my previous post: Cheswick and Thompson ‘Securin Ain’t Easy’ Rap Video @ RSA 2009 about the first keynote. And the final keynote?  … Jamie Hyneman and Adam...

Although we posted some of our initial thoughts, and have been getting some great feedback from everyone, Rich and I realized that we need a standard patch management cycle so that we can break apart the different parts of the project, so that they can be considered separately and in detail. Rich has researched several other patch management cycles, and posted a graphic that represents a tentative granular cycle that enables us to move forward.  Clicking on the image will take you to the Project...

The RSA Conference team has done an excellent job of making videos available this year for those that could not attend the conference live. Plus, like watching your American Idol on your DVR, you can easily skip past the parts you find boring and just focus on the exciting stuff. (Again, if you haven’t watched it, I encourage you to watch the Opening ceremony from day 1.) The keynote webcasts for Wednesday: Melissa E. Hathaway , National & Homeland Security Council Panel Discussion , Information...

The RSA Conference team has done an excellent job of making videos available this year for those that could not attend the conference live. Plus, like watching your American Idol on your DVR, you can easily skip past the parts you find boring and just focus on the exciting stuff. (Again, if you haven’t watched it, I encourage you to watch the Opening ceremony from day 1.) The webcast keynotes for Thursday: Brian J. Truskowski , IBM Global Technology Services Philippe Courtot , Qualys Dave Hansen...

I am pleased today to announce a project that I have been working to get going for a little while – Project Quant – an open model/method development project being done in conjunction with Rich Mogull of Securosis with the goal of developing a cost model for patch management response that accurately reflects the financial and resource costs associated with the process of evaluating and deploying software updates (patch management). For me, this is a convergence of two passions that I have in my job...