June 2019

Bruce Marshall has put together a comparison of OWASP ASVS v3 and v4 password requirements: OWASP ASVS 3.0 & 4.0 Comparison. This is useful in and of itself, and is also the sort of thing that more standards bodies should do, by default. It’s all too common to have a new standard come out without…

Read More Passwords Advice

I’m happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance. They asked us to look at the value of DNS security, such as when your DNS provider uses threat intel to block malicious sites. It’s surprising how effective it is for…

Read More DNS Security

New at Dark Reading, my article “When Security Goes Off the Rails.” Cyber can learn a lot from the highly regulated world of rail travel. The most important lesson: the value of impartial analysis. (As I watch the competing stories, “Baltimore City leaders blame NSA for ransomware attack,” and “N.S.A. Denies Its Cyberweapon Was Used in…

Read More When security goes off the rails