Woodsy Owl 2016 – Don’t Pollute Software!

It’s been 6 years since David Rice’s presentation and 4 years since my related blog post.  I can safely assume it had some impact on me.  I’m not sure if pollution or health care is the better metaphor for security but clearly national action is needed.  It’s interesting to me that society could muster the interest and investment to improve national sentiment around pollution.  Software security is no less of a challenge.  I’m confident such an effort will develop around software security someday.  There’s no way society can continue the present course of increasing size and scope of national security incidents while continuing to shrug them off.  Someday the level of pain, suffering, and public outcry will force action.

Funniest Security/Privacy Tweet of 2016


Soghoian is referring to a piece of tape FBI Director Comey places over his laptop camera.  The subtle message for the public is that electronic privacy is for the privileged elite.

CISO Meme


I see a lot of companies without top security leadership representation (CISOs).  Check out a few company leadership pages sometime.  The point is that with no application security expert in the board room, don’t expect security concerns to be raised until your next public security incident.  Keep in mind the job of the CISO is not to be the scapegoat for your next public security incident; we are way past that now.  It’s to identify and reduce business risks/injury posed by technology products/services to acceptable levels.  Two points: 1) you need a CISO, 2) hire a knowledgeable CISO if you like your executive job or board position.

A couple of cases that could have been avoided or gone much better with a knowledgeable CISO…
FTC.gov:  The Matter of LabMD, Inc.
Forbes.com:  Target CEO Fired – Can You Be Fired If Your Company Is Hacked?

*Photo from Transformers film, 2007

Perl Munitions T-Shirt

I saw a recent article on Wassenaar and it included a link to Adam Back’s website, www.cypherspace.org.

Photo 1: Front

Adam developed a Perl script that was at one time considered a munition under ITAR.  Of course, handling a 3-line Perl script like a bomb is ridiculous, especially since the encryption algorithms were widely known, even at the time.  To bring public attention to ITAR, the script was printed on a t-shirt, making it a non-exportable munition.  The t-shirt was featured by media publishers like Wired Magazine.

Photo 2: Back

Adam is no longer printing these t-shirts but provides the graphics to the public if you want to print your own.  Designs for the t-shirt are available if you’re interested in printing one yourself.  I have used CustomInk to print custom t-shirts in the past with good results.  I appreciate clever and thought-provoking t-shirts.  I may have to make one of these classics for myself.  Wearing an export-controlled munition around the office is extremely cool.

Images and Perl Munitions T-Shirt, Adam Back of www.cypherspace.org