Shostack + Friends Blog Archive


Top Security Stories of the Year?

Next week, I’ll be joining a podcast to discuss “top security stories of the year.”

I have a couple in mind, but I’d love to hear your nominations. What are the most important things which have happened in information security in the last year?

3 comments on "Top Security Stories of the Year?"

  • DanT says:

    For the first time, IT and business leaders considered security before jumping on the latest technology trend/fad.
    When asked why their organizations were not using cloud computing, 59% of IT and business leaders polled by CIO Magazine cited security concerns. (see
    Although they spin it negatively (“turning a blind eye to the potential business benefits of cloud computing”), a survey with similar results is here:
    Google “cloud computing survey” for more.

  • Chris says:

    I do not know if this is a story as much as it is a trend, but I would nominate:
    The increasing mainstreaming of publishing data to back infosecurity decision-making, as exemplified by things like the Verizon DBIRs, Microsoft’s Security Intelligence Reports, WhiteHat’s Security Statistics reports, and the OSF’s DataLossDB.

  • Dissent says:

    Well, I’m not a security pro, but here are some of the things I’ve noticed this year while reporting on breaches:
    1. Many folks learned that just because you paid oodles of money and were told you were PCI-DSS compliant, it doesn’t mean you’re really PCI-DSS compliant.
    2. State Attorneys General are getting testy and investigating breaches if those affected aren’t notified PDQ, and the public is also coming to expect notification within weeks instead of months or years.
    3. Attacks on the financial sector became more sophisticated and harder to detect.
    4. No matter how much discussion there’s been of SQL injections, that’s still an ongoing problem.
    hth… feel free to laugh at my cluelessness. 🙂
