Author Archives: Ryan Berg

Another Security Breach … Just in time for the holidays.


December 23, 2013 By Ryan Berg

It just wouldn’t be the holiday season without a report of another major security breach. This time Target is the victim and, true to form, the shame and blame game follows. At this point it shouldn’t come to anybody’s surprise that compliance doesn’t equal secure. Even though the full details of the attack are unknown, you […]


Do Vulnerability Counts Really Matter?


June 20, 2013 By Ryan Berg

Do vulnerability counts from sources like the National Vulnerability Database (CVE data) and Open Source Vulnerability Database (OSVDB) really matter? A recent article by Robert Lemos at darkREADING questioned the usefulness of the metrics generated by these reports since the counts don’t add up. Looking at the trends, it’s been easy to see that vulnerabilities are increasing, but […]


Good Hygiene Should be a Foundation of Application Security


June 19, 2013 By Ryan Berg

Over the past week, there have been several articles, blog posts and security institutes about the latest release of the OWASP Top 10. Now is the right time to join the discussion. All this chatter doesn’t come as a surprise to me or others who have been long-time participants in the application security space. […]


Application Security, Not so Black & White


May 8, 2013 By Ryan Berg

I’m glad to see Simon Phipps, independent open source consultant and a director of the Open Source Initiative, promote the need to manage components effectively. In his recent InfoWorld article he notes: “Cyber security is on the national political agenda, but do we really understand what it takes to be secure? Now that enterprise […]
