On the wall above my desk are five rules, and they are the framework for how I get things done.

I revisit these rules every year, and they are subject to themselves: always iterating, words pared down to only those most important, without fear of criticism and at whatever pace necessary. They are also in a deliberate order. First and foremost, they must delight you, the customer.

I started developing these rules over a decade ago with a lot of trial and error and more importantly, a lot of help from the teams I’ve been a part of and led. Over…

Recently I had the great fortune to present at BSidesSF 2014, where I presented my thoughts on how, despite huge technology advancements in application security, we are still very much failing to make software secure right out of the gate. This has led me to start thinking of AppSec as just as much a sociological problem as a technology one. In my talk, I proposed we take ideas from Broken Window Theory and apply them to AppSec, and in true BSides fashion, I was treated to a great discussion with an even greater audience.

For those looking for the slides from my talk, I’ve published them here:

Many thanks to all who came to hear my talk, and I look very much forward to continuing this conversation and researching this unexplored and uncharted area of application security.

NOTE: This post was written almost a decade ago. Everything here has since changed and I keep this post around only as a reminder of how things used to be.

Making sure your data is encrypted when it’s being stored somewhere outside of your direct control is a good idea. When that system has your customer's data on it, it’s a requirement. Unfortunately, when your data is in a cloud environment like Amazon EC2 your options can be limited, confusing or both. …

“I don’t believe society understands what happens when everything is available, knowable and recorded by everyone all the time” — Eric Schmidt, CEO, Google

Actually, I think society does understand, or at least we used to. This is exactly why there is a separation between juvenile and adult criminal records. Regardless, it’s all the more reason why your information should be your personal property.

Imagine for a second the prospect of an infinite record of everything you have ever done. According to Holman Jenkins, Jr., who was quoted by Marshall Kirkpatrick in a recent article in ReadWriteWeb,

[Schmidt] predicts…

“Privacy is dead, deal with it” — Scott McNealy, then CEO of Sun

“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” — Eric Schmidt, CEO of Google

Zuck: Yeah so if you ever need info about anyone at Harvard
Zuck: Just ask.
Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Unknown Friend]: What? How’d you manage that one?
Zuck: People just submitted it.
Zuck: I don’t know why. …

As I hold on for the long wait for my iPad 3G I was inspired to pull out my Apple Newton MessagePad 120 to baseline how far Apple has come since the Newton was first released in 1993. I was amazed at how unintuitive it was to use and thought about how our perceptions and expectations of a handheld user interface have been transformed by the iPhone. Putting my thoughts into a 1993 state of mind for a moment I imagined what it was like using this thing so long ago. …

  1. Read a rumor today that the upcoming Apple tablet might be called the iPad. I predicted it would be called the MacBook Tablet, but I have to admit the iPad sounds compelling. It’s too close to iPod for me to like, however. Rule one in marketing: differentiate. My guess is that Apple is registering names of possible similarly named products to avoid future problems.
  2. I will be presenting “Your Applications from Backdoors: How to Secure Your Business Critical Applications from Time Bombs, Backdoors & Data” at the OWASP Chicago meeting on Feb 2nd at 6:00. Swing by (RSVP required) for pizza, beer and application security discussions in the Windy City.

I generally stay away from thinking about CES until the week is up and I can look at the big picture. For all the whining that goes on about FUD in the information security industry, nowhere is there more hype and hyperbole than the annual Consumer Electronics Show (CES) in Las Vegas. Here is our take on the events and products highlighted at this year’s CES event.

The annoying marketing-gone-crazy, technology-looking-for-a-problem award goes to 3D TV

This year it seems everyone was talking about 3D TVs, with CNet, Engadget and others all talking about…

Earlier this week I predicted that the La La acquisition by Apple was the start of an entirely new in-the-cloud online strategy for the iTunes music and media store. A few days ago the Wall Street Journal (link) confirmed my predictions by reporting that, according to sources familiar with the strategy, Apple was “exploring an overhaul of the way it sells and stores music” with changes coming as early as next year. AppleInsider also suggested a more online future for iTunes but was not as specific as the WSJ.

The WSJ article explains that several of the La…

With the pending acquisition of Lala by Apple, speculation has begun on how Apple will integrate Lala into iTunes, with many suggesting that this acquisition will enable iTunes to begin offering its own streaming services like last.fm or Pandora.

While these capabilities are almost certain to now find their way into iTunes, these predictions miss that something much larger is on the horizon. Apple didn’t acquire Lala just for its streaming capabilities; instead, I believe that the pending acquisition of Lala by Apple signifies the beginning of an entirely new online iTunes platform and cloud computing media strategy for Apple.

The Future Started Yesterday

Opinions on Software Engineering, Startups and Cloud
