Betteridge's law should tell you the answer to this! Of course the answer here is no. We almost certainly do not understand our supply chains, and I…
Happy Sunday on a gloriously sunny day. Some of you might have noticed that I didn't send a newsletter last week, and I'd love to have a good excuse…
How you deal with vulnerabilities is critical to your organisation's approach to security. In far too many organisations, there simply isn't any defined…
We sometimes talk about "securing the software supply chain" as if it will prevent bugs and issues, which isn't quite accurate. The increasing number of…
Humans are funny creatures: we're afraid of flying but drive cars on a daily basis despite one being the safest form of travel and the other being the…
Zero trust is the architecture we talk about where there is zero trust in the fact that the requests are "coming from inside the network". But in fact…
I’ve referred before to the excellent XKCD cartoon that reminds us that huge amounts of modern commercial systems and code rely on a library maintained…
How networks affect us all is both intuitive and supremely unintuitive at the same time. GPG, rather famously, suggested that people have key signing…
This week has had a lot of cyber security pundits confused that their predictions of the coming cyber apocalypse haven't come true. They predicted…
I'm going to start this week by explaining why I'm not talking about the situation unfolding in Ukraine. Everybody on the internet has shifted from an…
It's nice to imagine a world with proper classifications and access control systems. You can read declassified US reports and see examples where every…
Zero-trust is the new saviour of all of our security woes, but I suspect that the effort and impact of it are wildly underestimated by most people. It's…