Demanding Security from your Vendors

How does any organization have a productive and meaningful security conversation? This guide offers a simple, meaningful way to structure that conversation. These conversations help the organization determine the real security risk from its vendors. This is an updated version of a set of questions Operators (and vendors) can use to have these meaningful conversations.

Huawei’s Customers Share Accountability

Vendors have a responsibility to deliver products to the best of their “security” capacity. At the same time, the vendor’s customers have a responsibility to push for security accountability. Huawei’s customers share accountability for the lack of security capabilities and capacity. Huawei responds to the DEFCON presentation …. “We are aware of the media reports

Is the “Full Disclosure” vs “Non-Disclosure” Debate Dead? NOT

I was watching Matthew Watchinski walk through the events and activities behind our Adobe vulnerability this past Feb (see US CERT’s “Adobe Acrobat and Reader Vulnerability TA09-051A”). What struck me about Matt’s talk is a statement he made near the end: “… Full Disclosure vs Non-Disclosure debate is dead. I learned this because my E-mail