Stories by Bill Brenner

Vulnerability management basics: Pen testing techniques

It should go without saying that pen testing is one of the most important pieces of an IT security shop's vulnerability management program. And yet it's something that was declared a dead art by Fortify Co-founder Brian Chess (http://www.csoonline.com/article/468766) a couple years ago.

FireEye vows to expose 'truth' behind modern malware

In his interview with CSO last week, FireEye Chief Security Architect Marc Maiffret lamented what he sees as the inability of security vendors to keep up with the malware innovations (http://www.csoonline.com/podcast/592577) made in the pursuit of attacks against the likes of Adobe and Apple.

Your BlackBerry's dirty little security secret

Tyler Shields, senior member of the Veracode Research Lab, spends a lot of time picking apart those BlackBerry devices (http://www.csoonline.com/podcast/533263) that are ubiquitous across the enterprise. What he's found may disappoint those who thought they were secure.

SaaS, Security and the Cloud: It's All About the Contract

The term Software as a Service (SaaS) has been around a long time. The term cloud is still relatively new for many. Putting them together has meant a world of hurt for many enterprises, especially when trying to integrate security into the mix.

Why 41 Percent of You Would Fail a PCI Audit

Security vendors are launching a gazillion products this week at RSA Conference 2010, but hidden in all of those press releases are a few nuggets that illustrate the big picture trends.

What Researchers Are Learning About DDoS Tactics

A corporate security specialist on motives and tactics. Jerry Mangiarelli has gained a lot of private-sector perspective on the DDoS threat over the years through his own personal research into botnets.

Does Social Networking Require User Policy Changes?

IT security administrators have had a fairly easy case to make against such social networking sites as Myspace in the past. Myspace in particular tends to be a place for the mostly personal, and some profiles are simply front companies for online mobsters and malware pushers.

7 Deadly Sins of Network Security

Companies that suffer serious security breaches have almost always committed one (or all) of 7 deadly security sins. Is your company guilty?

International Challenges in PCI Security

In a country that's seen many regulatory compliance challenges this decade, the headaches of PCI security tend to be analyzed from a largely American perspective.
