Category Archives: Responsibility

On privacy, hashing, and your customers

I’ve talked before about not being a dick when it comes to dealing with private data and personally-identifying information. It seems events have conspired to make it worth diving into some more detail. Only collect data you need to collect …

Posted in Business, Crypto, Data Leakage, Privacy, Responsibility

Want to hire iamleeg?

Well, that was fun. For nearly a year I’ve been running Fuzzy Aliens, a consultancy for app developers to help get security and privacy requirements correct, reducing the burden on the users. This came after a year of doing the …

Posted in Business, Policy, Responsibility, software-engineering

On internal quality

I was asked by attendees at my VTM talk on test-driven development a small collection of questions on a similar theme, which I’ll summarise here. How do I do TDD when my boss doesn’t want me to? What do I …

Posted in Business, code-level, Responsibility, software-engineering, Talk, TDD, VTM

Protecting source code

As I mentioned on the missing iDeveloper.tv Live episode, one of the consequences of the Gawker hack was that their source code for their internal software was leaked into the Internet. I doubt any of my readers would want that …

Posted in Business, code-level, Data Leakage, Encryption, Policy, Responsibility, software-engineering

Which vendor “is least secure”?

The people over at Intego have a blog post, Which big vendor is least secure? They discuss that because Microsoft have upped their game, malware authors have started to target other products, notably those produced by Adobe and Apple. That …

Posted in Business, Responsibility, threatmodel, Vulnerability

Security flaw liability

The Register recently ran an opinion piece called Don’t blame Willy the Mailboy for software security flaws. The article is a reaction to the following excerpt from a SANS sample application security procurement contract: No Malicious Code Developer warrants that …

Posted in Malware, Policy, Responsibility, Vulnerability