Born Brave?

Posted May 14, 2008 by
Categories: information security

How familiar is this?


The Six Dumbest Ideas in Computer Security

Posted April 19, 2008 by
Categories: Getting Things Done, Long Tail Security, information security

An intriguing security graphic, I wonder what’s coming?

Posted April 19, 2008 by
Categories: CISG, Cool Business, Frameworks, Information Security Economics, Microsoft, Working at Microsoft


;-)

Welcome to Microsoft Dennis Groves

Posted April 16, 2008 by
Categories: Cool Business, Frameworks, Long Tail Security, Microsoft, Platforms

I have been waiting to send this email since January; welcome to Microsoft Dennis Groves. Dennis will be a Technical Product Manager for the Connected Information Security Framework (more on that as promised next week). Dennis started OWASP with me back in the day and we have been trying to find a way to work together again for a while. His UK visa was finally approved today after a lengthy delay from the UK Home Office so he will be moving to the UK very soon. We can’t wait to have you on the team and I look forward to working with you to change the security management world.

More cool team members to announce in the coming weeks and months!

Jericho Forum Keynote

Posted April 13, 2008 by
Categories: London, Speaking

If you are in London for Info Sec and are a member of the Jericho forum please drop by and say hello. I will be delivering the keynote with a brand new deck for the first time in public. Look out for the funny videos!

TechEd North America 2008

Posted April 13, 2008 by
Categories: Cool Business, Information Security Economics, Microsoft, Platforms, Security Platforms, Software Development, Speaking, Working at Microsoft

I will be speaking at TechEd in Orlando in June (and probably the TechEds in Australia and New Zealand in September).

The Connected Information Security Group (CISG), part of the Microsoft corporate information security team, is working on a technology framework and set of applications to support corporate information security management programs. Microsoft and a few “early adopter” customers will be dog-fooding early prototypes in late 2008/early 2009. This presentation provides a short overview of the problem space and our current thinking on how to solve it.

I will be blogging about my team, our mission and our plans to change the world in a few weeks when some additional re-organization has been finalized but I can tell you that my bet of joining Microsoft to get access to the right amount and type of resources to realize the vision of a real security platform has paid off!

"I Have Been Expecting You Two"

Posted April 13, 2008 by
Categories: information security

This week I get to see two new babies. It’s going to be a superb week.

First up (and obviously by far the most important), my wife is pregnant again and this week we are going for the first scan. This will be the first of our kids born in the UK. In October I am going to be a dad again!

Second up, my new car is being delivered tomorrow morning. It’s going to be insane. Audi TT 3.2 V6 Quattro Coupe with 19 inch 20 spoke alloys, magnetic ride, paddle shifts with the s-tronic gearbox, black pearl and red magma leather interior, full Bose stereo and sat nav kit etc. It’s going to be mad. I will try and do a video blog from the car in the coming weeks, as using Exchange to deal with voice mails and calendars via Bluetooth and voice recognition while driving is pretty impressive. Doing it at 155mph might be… nah, I won’t go there.

London Marathon

Posted April 13, 2008 by
Categories: Humor

Today was the London Marathon. As always there were some inspiring stories, like Blind Dave’s 7 Marathons in 7 Continents in 7 Days. Yes, that’s not a typo.

One of the funniest stories I heard about this year’s marathon was the advice given to the Maasai tribe from Tanzania running to raise money for their village. These guys sometimes run for two to three days with their cattle, so it will be a breeze!

The British Charity Greenforce which works in their community produced them a guide called “Visiting England: A Cultural Briefing”.

Here are some highlights:

“Even though some may look like they have a frown on their face, they are very friendly people - many of them just work in offices, jobs they don’t enjoy, and so they do not smile as much as they should.”

“You will see many people who are wearing only small clothes and you will wonder why they are not cold and may think they are being disrespectful; this is normal for England, especially when it is sunny or in the evening. However, it is illegal to show certain parts of the body and for this reason it is important that you wear underpants if you are wearing your blankets.”

“Many people drink alcohol in England. They do so at bars, at homes or at clubs - the English equivalent to a Maasai party. When people drink they [seem] sillier or different. I am sure you have seen it with the Greenforce volunteers.”

“You may see these animals in a field, seemingly left alone. It is important to remember that these animals are owned by someone and are being looked after.” [i.e. do not hunt them]

What Do Online Communities and Global Politics Have in Common?

Posted April 13, 2008 by
Categories: Information Security Economics, OWASP, Social Networking, open source

I got back from Redmond yesterday. I am getting old so couldn’t sleep well last night; luckily for me the BBC shows Our World during the night and I caught Danger - Democracy at Work. As usual it was a superb bit of journalism, this time questioning America’s dogma of spreading its own blend of “freedom” to other nations. I use double quotes as, ironically, America was the least “free” country I have lived in, and I have lived in a fair few! Among other things they examine Dubai and Malaysia and question why anyone would ever have thought they could instil democracy in Iraq in a few months when it took 30 years in Malaysia. The documentary essentially puts forward two key observations: that non-democratic states don’t necessarily mean oppression (Dubai), and that history shows us strong leadership is needed for a successful transition from one type of political model to another.

I checked my personal email account this morning (I rarely use it these days) to see a thread “Top Web App Sec Vendors” on the Security Focus WebAppSec mailing list, a list I created back in 2000. Total chaos: vendors recommending their own firms without disclaimers, groups suggesting they are made up of a widespread membership, people recommending friends and so on. Many friends know about some nasty politics from the early days of OWASP where I made a decision about what people could and couldn’t do in an “open” project. In short, I decided that unless a tool had an approved OSI license then any discussion or announcement was either an advert or highly likely to be hijacked into one. A group of people (I still have their email, which is funny) lobbied Security Focus to have me banned as moderator of WebAppSec. It never happened of course, but lots of Internet bad-mouthing started (some of which continues today).

It’s water off a duck’s back for me. Looking back I know I did the right thing. As I watch how OWASP has blossomed today, I think it was in some small part due to those early tough decisions that set up the environment for the free and neutral exchange of ideas that OWASP is today. Of course you also really have to hand it to Aspect Security, who have done an amazing job of running OWASP and avoiding it becoming their marketing arm or hijacked by vendors. I know they have seen the reward they deserve for the fine balance they have trodden.

Watching social communities evolve is much like watching global politics. It’s the Medici Effect again!

Software Innovation

Posted April 9, 2008 by
Categories: Frameworks, Platforms

This is a great article about World of Warcraft that is well worth a read for anybody who is interested in frameworks, platforms and software innovation. Read Here.