Isaac's Blog: Welcome to the Future: A Disciplined Approach to Talking About Security

Friday, November 11, 2011

A Disciplined Approach to Talking About Security

Recently, a thread about a security problem in a piece of open source software got a lot of attention. There was a vulnerability report, a defensive developer, persistent security folks, and of course sideline comments taking one side or the other. This discussion perfectly illustrates why it can be hard to have a civil discussion about security, and why even with the best of intentions and with skilled developers, security problems can persist in a software system.

Read More at the Galois Blog

No comments:

Post a Comment

About Isaac

I'm the CEO of Tozny, an innovative security and privacy company building easy to use products. Previously, I was the Principal Investigator for Assured Information Sharing at Galois.

Cryptography: One of my focus areas is in the correct use of cryptographic protocols and algorithms and I sometimes perform security analyses of innovative products.

Android: I occasionally write software for Android. My work in this area includes a simple guided meditation program as well as encryption and password storage app, in collaboration with the OpenIntents project.

Other Software: I'm have previously authored or maintained several software packages: The Haskell Cabal, a Haskell filesystem called Halfs. I also contributed some of the original code for Debian's apt-get cryptographic signature checking.

Social Software:I'm on Twitter as well as LinkedIn. For professional relationships, please find me there. Personal friends can find me on Facebook.

Non-Geek: I really enjoy road bike racing, rock climbing, hiking, reading good books, drinking coffee, and the awesomeness of Portland, Oregon :)