Linus’s Law aka “Many Eyes Make All Bugs Shallow”

How many of you have heard “many eyes make all bugs shallow”?  My guess is that many of you have and that it may have been in conjunction with an argument supporting why Linux and Open Source products have better security.  For example, Red Hat publishes a document at www.redhat.com/whitepapers/services/Open_Source_Security5.pdf, which they commissioned from TruSecure…
Read more Linus’s Law aka “Many Eyes Make All Bugs Shallow”

Artima: Microsoft Under Attack

A new article called Microsoft Under Attack summarizes itself by saying: Not by angry customers suing for damages after security breaches, or by governments breaking up monopolies, but by open source developers and security professionals accusing them of being obsessed by security. The content goes on to chronicle a panel discussion moderated by the author…
Read more Artima: Microsoft Under Attack

A (Not Always Funny) History and Analysis of Web-Based Antivirus and Security Products

When I first read (in 2006) about the “new category for security products” represented by Microsoft OneCare Live, Symantec Genesis and McAfee Falcon, I must admit to a small chuckle.  In my AV days, I saw a few of these web security products launched, each of which did a big belly flop.  Maybe it will…
Read more A (Not Always Funny) History and Analysis of Web-Based Antivirus and Security Products

Web-based Security Deja-Vu: Microsoft OneCare Live, Symantec Genesis and McAfee Falcon

Windows Live OneCare has made it’s debut, among various comments about this being a new category of security product and apparently it is a hot new category to judge from the established antivirus vendors and the press activity.  Symantec announced in February that it will have a competitive product, code-named Genesis, and McAfee announced this…
Read more Web-based Security Deja-Vu: Microsoft OneCare Live, Symantec Genesis and McAfee Falcon

A (Not Always Funny) History and Analysis of Web-Based Antivirus and Security Products

When I first read (in 2006) about the “new category for security products” represented by Microsoft OneCare Live, Symantec Genesis and McAfee Falcon, I must admit to a small chuckle.  In my AV days, I saw a few of these web security products launched, each of which did a big belly flop.  Maybe it will…
Read more A (Not Always Funny) History and Analysis of Web-Based Antivirus and Security Products

New Enterprise Linux – Ubuntu

For business use, the largest driver of Linux adoption has been the Enterprise Linux releases.  Product names aside, I am referring to those Linux-based distributions that offer longer, multi-year support commitments for a version of the product.  To date, the primary examples of this (and not coincidentally market leaders) have been Red Hat Enterprise Linux,…
Read more New Enterprise Linux – Ubuntu

Address Space Layout Randomization (ASLR) in Windows Vista Beta2 ?

UPDATE:  Mike Howard has posted to his blog, confirming David and providing details on the Vista ASLR features.   So, a couple of weeks ago, Jesper Johannsen wrote how the Windows Firewall was one of his favorite security features in Windows Vista.  My favorite security enhancements tend to be architectural security improvements.  I recall the…
Read more Address Space Layout Randomization (ASLR) in Windows Vista Beta2 ?

Windows Vista Beta2 Security Paper

Was reading Dana Epp’s blog and found reference to a new Microsoft paper called  Microsoft® Windows Vista™ Security Advancements.  Good overview of most security enhancements in Beta2. The funny part of this story is that Dana noticed the paper while reading Mike’s blog, which I hadn’t read yet today. I hadn’t read this paper yet, so…
Read more Windows Vista Beta2 Security Paper

Novell Removes /truth and Security from Linux Site

Provocative, but technically true.  You may or may not recall that Novell published www.novell.com/linux/truth in response to Microsoft’s www.microsoft.com/getthefacts site.  I browsed out there yesterday to see the current truth for myself and was redirected to http://www.novell.com/whynovell/.  You can still look at the google cache of the /truth site by using the search terms “site:novell.com inurl:truth” and…
Read more Novell Removes /truth and Security from Linux Site

JeffOS EAL4+ Secure System

(read my background article first) JeffOS gets EAL4+ certification… not really.  Primarily because I haven’t created JeffOS.  But hey, I’m thinking about it, so stay with me while I think about what configuration of JeffOS I should submit for evaluation.  What?  Does the evaluated configuration make a difference?  IF JeffOS is evaluated EAL4+, doesn’t that…
Read more JeffOS EAL4+ Secure System

The Importance of the “Evaluated Configuration” in Common Criteria Evaluations

How many of you have heard of the Common Criteria ?  If you’ve ever done security work with government, you probably have.  If not, then possibly not.  Either way, read on and I’ll give you my own view, including some of the barnacles clinging to the hull of the general program. Common Criteria Background Way…
Read more The Importance of the “Evaluated Configuration” in Common Criteria Evaluations

Coverity Confused Claims Cause Consternation and Confusion

Okay, maybe it only causes me consternation, but this is exactly the sort of thing that raises my temperature.  With the academic background of Coverity founders, one should expect a certain amount of rigor and care when it comes to analysis and conclusions, but I find myself disappointed. Jeff, you say, what are you talking…
Read more Coverity Confused Claims Cause Consternation and Confusion