Our Assumed Trust in Cyber Security Vendors

Jul 24, 2024 | Articles, Podcast

Imagine you are a security manager being asked to do a security assessment on a new software for your organisation. It will be deployed across all Windows workstations and servers and will operate as a boot start driver in kernel mode, granting it extensive access to...

You’re Using More Open-Source Than You Realise

Jul 2, 2024 | Articles

My recent conference presentation on open-source security revealed a common theme. Audience members didn’t realise how pervasive open-source is. Everyone in the audience knew that their organisation uses a fair number of open-source components, but they thought that...

5 Steps for Securing Your Software Supply Chain

Apr 21, 2023 | Articles, Podcast, Posts

RSA Conference just published an article that I’ve written on the 5 steps for securing your software supply chain. Most modern applications are assembled from open source components with developers typically writing less than 15% of the code for their...

How Secure Is Your iPhone?

Feb 27, 2023 | Articles, Podcast, Posts

The Wall Street Journal has written an article that will challenge your belief on the security of your digital life. It reports on how a basic iPhone feature can allow criminals to steal your entire digital life. This basic feature is your pass code and the technique...

Your Website Might have an Unknown OSCP Dependency

Mar 12, 2020 | Articles, Posts

A few weeks ago, a friend who looks after a web server had an outage on their website and asked me to help troubleshoot. The cause of the outage surprised me and is the reason why I’m writing about it. The website outage was due to a dependency it had on the server of...

My Thoughts on FAIR

May 15, 2019 | Articles

photo taken from yorkfair.org I recently completed the FAIR analysis fundamentals course and here are my thoughts on it. FAIR stands for Factor Analysis of Information Risk, and is the only international standard quantitative model for information security and...