Following the Wh1t3 Rabbit - Practical Enterprise Security

Enterprise Security organizations often find themselves caught between the ever-changing needs of the agile business and the ever-present, ever-evolving threats to that business. At the same time, all too often we security professionals get caught up in “shiny object syndrome,” which leads us to spend poorly, allocate resources unwisely, and generally decouple from the organization we’re chartered to defend. Knowing how to defend begins with knowing what you’ll be defending, why it is worth defending, and who you’ll be defending from… and therein lies the trick. This blog takes the issue of enterprise security head-on, challenging outdated thinking and bringing a pragmatic, business-aligned, beyond-the-tools perspective … so follow the Wh1t3 Rabbit and remember that tools alone don’t solve problems; strategic thinkers are the key.

Rafal (Principal, Strategic Security Services)

Vulnerable Open-Source Code in the Enterprise - 3 Keys to Avoiding Security Issues

Way, way back in December 2008 I wrote a piece on this blog called "Open or Closed [source]? Which is more secure?" and it got some people talking and debating ... some of you may actually remember that post if you've been reading my stuff for a while. Now we appear to be back to this again in another study Aspect Security recently did ... so it's time for me to revisit the idea ... again.

So ... Who REALLY Cares?

As we close out another year and look back at all the data breaches that were enabled through the hundreds of thousands of helpfully vulnerable web applications, it's time to once again ask how we can prevent this next year.

 

There are no good answers, of course, but I think I've managed to get things down to a basic question that I feel like we all need to ask ourselves. There is one fundamental question at the heart of every good security program, one that acts not only as a check-box at the end of it all but becomes a pervasive thread throughout all application delivery.

The opinions expressed above are the personal opinions of the authors, not of HP.