Welcome to TechNet Blogs Sign in | Join | Help

Browse by Tags

All Tags » Commentary   (RSS)

Perception: Case in Point

I love it when a good, real-life example falls right into your lap. As you know from my recent posts, I’ve been doing a series of articles probing Mozilla and Firefox security claims.  I think I’ve been pretty open about why, but I always seem to Read More...
Posted Thursday, February 05, 2009 8:38 PM by jrjones | 3 Comments

CIO.COM: Mozilla and “Counting Still Easy…”

[DISCLOSURE for those who don’t read about boxes: I work for Microsoft.] I admit that I enjoy discussing issues and digging into claims to see if I can find fractures or flaws in logic. When I ran product management teams for companies in previous roles, Read More...
Posted Thursday, February 05, 2009 7:03 PM by jrjones | 1 Comments

CIO.COM: Can Mozilla Support Their Security Claims?

Mozilla bills Firefox as the most secure Web browser on the planet, but is it really? Follow along with this series and see if the claims hold up to close scrutiny. Today, I started a multi-part article series on cio.com (Security landing page: http://www.cio.com/topic/1419/Security Read More...
Posted Thursday, January 15, 2009 12:24 AM by jrjones | 28 Comments

Exploitability Index - More Information for Customers

Yesterday at Black Hat 2008, along with some other stuff , we announced that we will be adding some new information to Security Bulletins - an "Exploitability Index" for each of the vulnerabilities addressed by the bulletin. Based upon talking with Microsoft Read More...
Posted Wednesday, August 06, 2008 5:20 PM by jrjones | 1 Comments

RSA Crypto Panel: Martin Hellman on 0.01% Events

In the past, I haven't always stayed to hear the Crypto panel, but based upon the excellent one this year, I'll definitely include it in my plans going forward. If you want to hear an overview of what they all said, I can recommend Robert Vamosi's story Read More...
Posted Thursday, April 10, 2008 1:04 AM by jrjones | 1 Comments

Severity Rating Systems - Part 1

Read the full Part 1 on CSOonline . Recently, Red Hat has raised some objections to my use in analysis of the High, Medium and Low severity ratings as determined by the National Institute of Standards (NIST) for the National Vulnerability Database (NVD) Read More...
Posted Friday, November 02, 2007 10:32 PM by jrjones | 0 Comments

Red Hat Enterprise Linux 4 Passes 1000 Vulnerabilities

A few weeks after my July OS Vulnerability Scorecard posting, I was amused to see a posting about it on truthhhappens.redhatmagazine.com (click to see the post). I can't even do it justice by paraphrasing, so here is the text: A Microsoft vulnerability Read More...
Posted Tuesday, October 16, 2007 6:23 PM by jrjones | 5 Comments

What if We Had Vuln-Free Software?

I was in a meeting with a large group of security professional today talking about SDL, reducing vulnerabilities, metrics, and so on - my normal topics - and we got into a really interesting discussion about which areas of focus can get the best practical Read More...
Posted Saturday, September 29, 2007 12:00 AM by jrjones | 1 Comments

Windows XP vs Windows Vista Security

So, a couple of days ago, I happened upon the tantalizing headline of Review: Vista, XP Users Equally At Peril To Viruses, Exploits. What!? As you can imagine, the headline sucked me in and I had to read it. Frankly, the article as well as the scientific Read More...
Posted Friday, June 01, 2007 10:21 PM by jrjones | 3 Comments

Windows Server codename "Longhorn" - Server Core Install

This past weekend I dug into an aspect of Windows Server codename "Longhorn" to personally check out something that I've been excited about for a while - a "server core" installation. Doing the Installation After burning myself a Beta3 disk, I fired it Read More...
Posted Tuesday, May 15, 2007 11:37 PM by jrjones | 1 Comments

Just for Fun: Covering My Coverage

Since published my Windows Vista - 90 Day Vulnerability Report , I have been reading a lot of the various commentary and generally, I take it with a grain of salt. Many of the comments indicate that the person didn't even read the report, which is fairly Read More...
Posted Friday, March 30, 2007 9:49 PM by jrjones | 0 Comments
 
Page view tracker