Hiding Data in Plain Sight

Access privileges are crucial in protecting data, but they are just the beginning. There are instances where data traverses networks with inadequate or non-existent access controls. Sometimes, permissions are incorrectly configured, and occasionally, unauthorized individuals gain access to devices. In these scenarios, transforming plaintext (or clear text) data into a seemingly random string of characters … Read more

“None Shall Pass”

In “Monty Python and the Holy Grail”, King Arthur “rides” up to the Black Knight. The Black Knight refuses to acknowledge King Arthur’s requests or respond to any question. He only says “None Shall Pass”. For those who haven’t seen the movie, a highly tense battle ensues with King Arthur defeating the Black Knight and … Read more

The Honor Code of Data: Privacy-First Design

Protecting customers’ information is about gaining their trust. Privacy is about safeguarding that information. It is what drives confidentiality. Privacy is the customer’s expectation that what they supply will be used appropriately. Someone who posts to Twitter or LinkedIn will have different expectations than someone who uses Facebook. Though all are social media applications, the … Read more

It All Starts With Design

Software design, much like woodworking, is a blend of art and science. Envisioning the final product is an art, while the journey to its realization is governed by scientific principles. Throughout this journey, the design undergoes numerous adjustments, similar to how a woodworker makes test cuts and deals with throwaway parts. These adjustments are vital, … Read more

Software Security Is Software Quality

Creating software is no different than creating a woodworking project. The end product will be creative. The flow of the wood, the colors, the stability, the functionality. After enough change in temperature, the expansion and compression of the wood will expose the skill level of the craftsman. The beauty of a natural wood dining room … Read more

Security Posture Basics

The security posture of a software product is driven by how well it preserves the confidentiality, integrity, and availability of the system. The more ways that these three pillars can be negatively impacted, the weaker the overall security posture of the system. Each individual way in which one of the pillars can be negatively impacted … Read more

Availability

The last of the three pillars of information security is availability. Availability simply means that the data is available when the system says it will be. In some cases that will be always available and on-demand. In other cases it may be in a few minutes. And in other cases it may be days. All that … Read more

Integrity: What You See Is What You Get

Integrity is the second fundamental principle of software security. Integrity is about ensuring that data is trustworthy. To be trustworthy, the data must be accurate and complete. There is a notion that the type of application matters when it comes to data integrity. The truth is, it doesn’t matter. All systems need to ensure … Read more

Confidentiality

Confidentiality is how data is managed by the system. Confidentiality is a key pillar in trust. A system must inform the user how the data collected is intended to be used and use it in that manner. This notification must be in clear and concise terms that are easy to understand. A long “Terms of … Read more

What is Software Security?

Information security refers to the confidentiality, integrity, and availability of the information. Within the software security space, it refers to the confidentiality, integrity, and availability of a specific software component or application. Confidentiality describes who can access information and how it can be used. Users provide information to the system and there’s a set of rules … Read more