After a decade of doing compliance assessment work, I’m coming to terms with an uncomfortable truth: nobody likes compliance. It’s a miserable time-suck that slows down forward momentum. How did this happen? Where did compliance go wrong? Why is compliance...
When the technology industry is not inventing new gadgets, it is inventing new words, such as a next-generation firewall. This contrived word ultimately reshaped an entire market segment. The newest word on the market is Compliance Automation. Which is near and dear...
“Four years!” As soon as the words left my mouth, I regretted saying them. Not because they were wrong, rather the incredulousness in my voice was instantly met with furrowed brows and folded arms. Across the table was a potential customer, and thanks to my lack of...
Exploiting a SAML Implementation and SAML Vulnerability
During a recent web application test, I discovered a bug in a Security Assertion Markup Language (SAML) implementation. This bug involved an insecure implementation of a SAML feature combined with a custom...
In her keynote at the RSA Conference this year, futurist and game designer Jane McGonigal said: any useful statement about the future should at first seem ridiculous. In the post-RSAC recovery period, I pondered the future trends in information security and built my...