Our Blog

Squinting at Security Drivers and Perspective-based Biases

Reading time: ~12 min
While doing some thinking on threat modelling I started examining what the usual drivers of security spend and controls are...

Metricon 2011 Summary

Reading time: ~5 min
[I originally wrote this blog entry on the plane returning from BlackHat, Defcon & Metricon, but forgot to publish it....

Incorporating cost into appsec metrics for organisations

Reading time: ~17 min
A longish post, but this wasn’t going to fit into 140 characters. This is an argument pertaining to security metrics,...