security education – Noise

Education in Secure Software Development

Bruce Schneier — Thu, 01 Aug 2024 11:03:53 +0000

The Linux Foundation and OpenSSF released a report on the state of education in secure software development.

…many developers lack the essential knowledge and skills to effectively implement secure software development. Survey findings outlined in the report show nearly one-third of all professionals directly involved in development and deployment system operations, software developers, committers, and maintainers self-report feeling unfamiliar with secure software development practices. This is of particular concern as they are the ones at the forefront of creating and maintaining the code that runs a company’s applications and systems...

A sneak peek at the security, identity, and compliance sessions for re:Invent 2022

Katie Collins — Thu, 20 Oct 2022 17:05:28 +0000

AWS re:Invent 2022 is fast approaching, and this post can help you plan your agenda with a look at the sessions in the security track. AWS re:Invent, your opportunity to catch up on the latest technologies in cloud computing, will take place in person in Las Vegas, NV, from November 28 – December 2, 2022. […]

October Is Cybersecurity Awareness Month

Bruce Schneier — Wed, 05 Oct 2022 19:07:51 +0000

For the past nineteen years, October has been Cybersecurity Awareness Month here in the US, and that event that has always been part advice and part ridicule. I tend to fall on the apathy end of the spectrum; I don’t think I’ve ever mention...

2021 AWS security-focused workshops

Temi Adebambo — Tue, 11 Jan 2022 20:38:55 +0000

Every year, Amazon Web Services (AWS) looks to help our customers gain more experience and knowledge of our services through hands-on workshops. In 2021, we unfortunately couldn’t connect with you in person as much as we would have liked, so we wanted to create and share new ways to learn and build on AWS. We […]

AWS re:Invent 2021 Security Track Recap

Marta Taggart — Thu, 06 Jan 2022 16:49:14 +0000

Another AWS re:Invent is in the books! We were so pleased to be able to host live in Las Vegas again this year. And we were also thrilled to be able to host a large virtual audience. If you weren’t able to participate live, you can now view some of the security sessions by visiting […]

Part 2: On Passwords, Password Policies, and Teaching

David — Sat, 15 Oct 2011 00:00:00 +0000

I noted in yesterday's post that I used the answers to drive a conversation with a student employee, but didn't provide details. I was asked what the assignment was, and thought that it might be of interest.

I provided the initial question, and my response about what drives institutional policy - essentially what I summarized here. The assignment was:

Explain how you would answer this question for a user, and for IT management, and how your policy might differ for each of these environments:

A large multinational corporation
A commercial website like Amazon, or a cloud service like Dropbox or Picasa
A small company or non-profit

This sort of thought exercise is one that I feel is crucial for those who are learning information security, and is similar to questions I ask my employees when we discuss why our policies are what they are.