Administrivia
Dec 05 2006 06:02PM Mark Curphey (mark curphey com)
A couple of small things
1. A few people pointed out that I approved a post about what appears to be
commercial software. Having moderated the webappsec list for a number of
years where this issue was somewhat emotive, I am well aware of the
potential for unscrupulous vendors to start product placement on seemingly
independent mailing lists and for a slippery slope to start. What we did on
webappsec was to instigate a rule where only OSI-compliant software, or software
with no license (totally free), was allowed through. This worked well for
webappsec; however, I would argue that there is a lot less mature infosec
security management software, and I suspect many readers actually want to
hear about experiences of tools like Archer, Xacta etc. Therefore I will
monitor it, and if it starts to become an issue (I'll use some lexical
analysis software as an experiment) we'll instigate the OSI rule.
For the record Fred was obviously not doing this and has done nothing wrong,
just evoked some passion among some.
2. I have moved back from the States to the South of France. This means two
things. The first is that I currently am waiting on DSL and so have
temperamental internet access to approve posts at present. The second is
time zones for approving messages are different.
3. I have been working on a project with some talented folks from this list.
It will be called the ISM Community. While we have a lot of work to do
before we release our first project just after Christmas (as well as a good
community web site with blogs, forum, articles etc) we are looking for a
broad range of beta testers to implement a Practical Risk Assessment
Methodology in the real world and provide feedback. If anyone is interested
in applying a fast, practical quantitative methodology along with worksheets
and templates, we would love to hear from you. We obviously don't want your
risk results, but do want feedback, suggestions and your experience of using
it in the real world, so if you have any RAs to do in the last two weeks of
December and can commit to providing some detailed feedback and critique, then
please send me an email offline.
Your time will be rewarded with an ISM-Community t-shirt!