Author Archives: Russell Doty

IoT (Internet of Things) devices have – and in many cases have earned! – a rather poor reputation for security. It is easy to find numerous examples of security issues in various IoT gateways and devices. So I was expecting … Continue reading →

Perhaps the greatest question about Superfish is what can we do about it. The first response is to throw technology at it. The challenge here is that the technology used by Superfish has legitimate uses: The core Superfish application is … Continue reading →

Superfish has been getting a lot of attention – the Forbes article is one of the better overviews. Instead of jumping in and covering the details of Superfish, let’s look at how it might work in the real world. Let’s … Continue reading →

The previous article introduced SCAP technologies. While the SCAP technologies are interesting, they have limited value without security content – the actual set of security tests run by SCAP. Fortunately there is a good set of content available that can … Continue reading →

The previous article introduced the concept of security guides as executable content and introduced SCAP. We’re going to dig into SCAP in a fair amount of detail. So, let’s start by covering the various technologies that make up SCAP: XCCDF … Continue reading →

The last article introduced the US National Checklist Program. Security automation can be defined as the use of standardized specifications and protocols to perform specific common security functions. Which leads us to SCAP – the Security Content Automation Protocol, an … Continue reading →

The last article introduced the need to automate security. If you are going to perform a security audit you need a checklist. Let’s spend a minute on this. If you want a predictable outcome, you need a standard process – … Continue reading →