Category Archives: threatmodel

App security consultancy from your favourite boffin

I’m very excited to soon be joining the ranks of Agant Ltd, working on some great apps with an awesome team of people. I’ll be bringing with me my favourite title, Smartphone Security Boffin. Any development team can benefit from …

Posted in Business, ssl, threatmodel

A site for discussing app security

There’s a new IT security site over at Stack Exchange. Questions and answers on designing and implementing IT security policy, and on app security are all welcome. I’m currently a moderator at the site, but that’s just an interim thing …

Posted in code-level, Policy, Privacy, Talk, threatmodel

On Fuzzy Aliens

I have just launched a new company, Fuzzy Aliens[*], offering application security consultancy services for smartphone app developers. This is not the FAQ list, this is the “questions I want to answer so that they don’t become frequently asked” list. …

Posted in Business, code-level, iPad, iPhone, Privacy, software-engineering, threatmodel

On voices that matter

In October I’ll be in Philadelphia, PA talking at Voices That Matter: Fall iPhone Developers’ Conference. I’m looking forward to meeting some old friends and new faces, and sucking up a little more of that energy and enthusiasm that pervades …

Posted in code-level, iPad, iPhone, Talk, threatmodel, tool-support

On Fitt’s Law and Security

…eh? Don’t worry, read on and all shall be explained. I’ve said in multiple talks and podcasts before that one key to good security is good user interface design. If users are comfortable performing their tasks, and your application is …

Posted in iPad, iPhone, Mac, threatmodel, UI, user-error | 1 Comment

On improved tool support for Cocoa developers

I started writing some tweets, that were clearly taking up too much room. They started like this: My own thoughts: tool support is very important to good software engineering. 3.3.1 is not a big inhibitor to novel tools. /cc @rentzsch …

Posted in PCAS, threatmodel, tool-support | 1 Comment

Which vendor “is least secure”?

The people over at Intego have a blog post, Which big vendor is least secure? They discuss that because Microsoft have upped their game, malware authors have started to target other products, notably those produced by Adobe and Apple. That …

Posted in Business, Responsibility, threatmodel, Vulnerability | 2 Comments