Marcus Ranum, credited with the invention of the firewall, publishes very interesting articles on security. He is currently employed as the CTO of Tenable Security. He also will contribute to his own page from time to time also.
Mr. Ranum reminds me of Maddox if Maddox only talked about security and was much more articulate. My first introduction to Mr. Ranum was a rant entitled, "The Six Dumbest Ideas in Computer Security." One of the key points in this paper was the that pentesting is not needed (Penetrate and Patch). As a pentester I was outraged, but Mr. Ranum made a good point. Ever since reading that posting I have attempted to follow Ranum's postings. Note: There is also a funny topic that states, "Hacking is Cool", which Ranum argues isn't.
Mr. Ranum recently published an article entitled, "The Anatomy of Security Disasters"
Some of the ideas in the paper are:
- Ideas that are bad for security can get legs and then be hard to stop.
- The person in the room who can articulate their idea is always the one who wins the argument, regardless of whether it is the "right" thing to do.
- Management typically blames the security team for not informing them adequately enough even after emails from the security team to that manager are discovered.
- At the end of the day, no new processes are developed to prevent the problems from happening again.
