metrics

Post thumbnail

Earlier this year, I helped to organize a workshop at Schloss Dagstuhl on Empirical Evaluation of Secure Development Processes. I think the workshop was a tremendous success, we’ve already seen publications inspired by it, such as Moving Fast and Breaking Things: How to stop crashing more than twice, and I know there’s more forthcoming. I’m…

Read More Empirical Evaluation of Secure Development Processes

“90% of attacks start with phishing!*” “Cyber attacks will cost the world 6 trillion by 2020!” We’ve all seen these sorts of numbers from vendors, and in a sense they’re April Fools day numbers: you’d have to be a fool to believe them. But vendors quote insane because there’s no downside and much upside. We…

Read More Leave Those Numbers for April 1st

Then he explained the name was important for inspiring the necessary fear. You see, no one would surrender to the Dread Pirate Westley. The DREAD approach was created early in the security pushes at Microsoft as a way to prioritize issues. It’s not a very good way, you see no one would surrender to the…

Read More The DREAD Pirates

(From The Oatmeal.) It’s widely understood that Seattle needs a better way to measure snowfall. However, what’s lacking is a solid proposal for how to measure snowfall around here. And so I have a proposal. We should create a new unit of measurement: The Nickels. Named after Greg Nickels, who lost the mayorship of Seattle…

Read More Seattle in the Snow

On Friday, I watched Eric Ries talk about his new Lean Startup book, and wanted to talk about how it might relate to security. Ries concieves as startups as businesses operating under conditions of high uncertainty, which includes things you might not think of as startups. In fact, he thinks that startups are everywhere, even…

Read More Lean Startups & the New School