Category Archives: Security

Superfish has been getting a lot of attention – the Forbes article is one of the better overviews. Instead of jumping in and covering the details of Superfish, let’s look at how it might work in the real world. Let’s … Continue reading →

While the SCAP technologies are interesting, they have limited value without security content – the actual set of security tests run by SCAP. Fortunately there is a good set of content available that can be used as a starting point. … Continue reading →

We’re going to dig into SCAP in a fair amount of detail. So, let’s start by covering the various technologies that make up SCAP: XCCDF – the Extensible Configuration Checklist Description Format. An XML based language for creating machine parsable … Continue reading →

Security automation can be defined as the use of standardized specifications and protocols to perform specific common security functions. Which leads us to SCAP – the Security Content Automation Protocol, an industry and government initiative to automate security audits and … Continue reading →

If you are going to perform a security audit you need a checklist. Let’s spend a minute on this. If you want a predictable outcome, you need a standard process – a standard set of steps to go through to … Continue reading →