Author Archives: Ryan Berg

Stewing Over Software Ingredients


July 15, 2014 By Ryan Berg

Just the other day I was planning dinner for my family and thought it would be a great idea to bust out the Dutch oven I had to have, but rarely use, and make a nice stew. I ran to the grocery store to grab some fresh carrots, turnips, onions, a couple of Yukon Gold potatoes, and some fresh chicken (and a bottle of nice wine for the thirsty chef). I needed a quick start and an on-time finish. Or it would be another failed product delivery — followed by a rapid desire by my family to outsource.


Are OpenId and OAuth ‘Bleeding’?


May 7, 2014 By Ryan Berg

Now that Heartbleed has become the new measuring stick for vulnerability disclosures, I have had several people ask me, “Is this OpenId/Oauth thing the next Heartbleed?” The long answer, as Run DMC once said, is “It’s Tricky, Tricky, Tricky, Tricky”. The TL/DR (too long/didn’t read) answer is “No”.


Flaws vs Bugs


September 5, 2013 By Ryan Berg

DevOps is certainly the buzzword of the year. Everywhere you turn, people are referring to DevOps and Continuous Delivery. It seems as though the final frontier to developer productivity has arrived. The reality, which is what large organizations deal with on a day-to-day basis, is like all development methodologies in the past; the […]


Hack Takes a Bite of the Apple


July 23, 2013 By Ryan Berg

The latest news hitting the wire, the internet, the blogosphere and the social media circuit is the hack of the Apple developer site that was acknowledged by Apple. To no one’s surprise, this was followed by the typical shame and blame game. I don’t know about you but I am getting a little tired of the sensationalist […]


Soup Anyone?


June 28, 2013 By Ryan Berg

I recently attended and gave a brief talk at the Software Assurance Working Group. I spoke about the need for security folks to speak with developers – not at them. This is a frequent topic in the security space, but I have to question, have we gotten any better? My answer – “Not so much”. […]


Do Vulnerability Counts Really Matter?


June 20, 2013 By Ryan Berg

Do vulnerability counts from sources like the National Vulnerability Database (CVE data) and Open Source Vulnerability Database (OSVDB) really matter? A recent article by Robert Lemos at darkREADING questioned the usefulness of the metrics generated by these reports since the counts don’t add up. Looking at the trends, it’s been easy to see that vulnerabilities are increasing, but […]
