Schneier on Security's Journal
 
 [Most Recent Entries] [Calendar View]

Monday, March 11th, 2013

    Time Event
    6:12a
    Is Software Security a Waste of Money?

    I worry that comments about the value of software security made at the RSA Conference last week will be taken out of context. John Viega did not say that software security wasn't important. He said:

    For large software companies or major corporations such as banks or health care firms with large custom software bases, investing in software security can prove to be valuable and provide a measurable return on investment, but that's probably not the case for smaller enterprises, said John Viega, executive vice president of products, strategy and services at SilverSky and an authority on software security. Viega, who formerly worked on product security at McAfee and as a consultant at Cigital, said that when he was at McAfee he could not find a return on investment for software security.

    I agree with that. For small companies, it's not worth worrying much about software security. But for large software companies, it's vital.

    12:58p
    Dead Drop from the 1870s

    Hats:

    De Blowitz was staying at the Kaiserhof. Each day his confederate went there for lunch and dinner. The two never acknowledged one another, but they hung their hats on neighboring pegs. At the end of the meal the confederate departed with de Blowitz's hat, and de Blowitz innocently took the confederate's. The communications were hidden in the hat's lining.

    << Previous Day 2013/03/11
    [Calendar]     		Next Day >>

Schneier on Security   About LJ.Rossia.org