Category Archives: Policy
Security consultancy from the other side
I used to run an application security consultancy business, back before the kinds of businesses who knew they needed to consider application security had got past assessing creating mobile apps. Whoops! Something that occasionally, nay, often happened was that clients …
Posted in Crypto, Encryption, Policy
Don’t be a dick
In a recent post on device identifiers, I wrote a guideline that I’ve previously invoked when it comes to sharing user data. Here is, in both more succinct and complete form than in the above-linked post, the Don’t Be A …
Posted in Data Leakage, IANAL, Policy, Privacy
Want to hire iamleeg?
Well, that was fun. For nearly a year I’ve been running Fuzzy Aliens, a consultancy for app developers to help get security and privacy requirements correct, reducing the burden on the users. This came after a year of doing the …
Posted in Business, Policy, Responsibility, software-engineering
Protecting source code
As I mentioned on the missing iDeveloper.tv Live episode, one of the consequences of the Gawker hack was that their source code for their internal software was leaked onto the Internet. I doubt any of my readers would want that …
Posted in Business, code-level, Data Leakage, Encryption, Policy, Responsibility, software-engineering
On the Mac App Store
I’ve just come off iDeveloper.TV Live with Scotty and John, where we were talking about the Mac app store. I had some material prepared about the security side of the app store that we didn’t get on to – here’s …
Posted in AAPL, Business, code-level, Encryption, government, iDeveloper.TV, Mac, Policy, Talk
A site for discussing app security
There’s a new IT security site over at Stack Exchange. Questions and answers on designing and implementing IT security policy, and on app security, are all welcome. I’m currently a moderator at the site, but that’s just an interim thing …
Posted in code-level, Policy, Privacy, Talk, threatmodel
On Trashing
Back in the 1980s and 1990s, people who wanted to clandestinely gain information about a company or organisation would go trashing.[*] That just meant diving in the bins to find information about the company structure – who worked there, who …
Posted in Business, Data Leakage, Policy, Twitter
Losing your identity
Developers make use of cryptographic signatures in multiple places in the software lifecycle. No iPad or iPhone application may be distributed without having been signed by the developer. Mac developers who sign their applications get to annoy their customers much …
Security flaw liability
The Register recently ran an opinion piece called Don’t blame Willy the Mailboy for software security flaws. The article is a reaction to the following excerpt from a SANS sample application security procurement contract: No Malicious Code Developer warrants that …
Posted in Malware, Policy, Responsibility, Vulnerability
So it’s not just the Department of Homeland Security, then
What is it about government security agencies and, well, security? The UK Intelligence and Security Committee has just published its Annual Report 2008-2009 (pdf, because if there’s one application we all trust, it’s Adobe Reader), detailing financial and policy issues …
Posted in Data Leakage, government, Policy