Open source software security

Keep Security Staff out of HR Investigations

Unfortunately, it is far too common for information security (IS) staff to become embroiled in human resources (HR) investigations. Ask anyone who has worked in security and they'll tell you about a time they were asked for a report of browsing habits for a certain user, for a forensic investigation of a hard drive of an employee who is being disciplined or fired, or to perform a search of an employee's e-mail. There are a variety of reasons that HR might make such requests of IS, but security leadership need to do a better job of rebuffing these requests. It is not only distracting, but also demoralizing and potentially damaging to an IS group to engage in these activities. For some, having IS perform HR investigations may seem like a routine part of IS operations. I think this is an unfortunate state of affairs and firmly believe that IS should have little, if any, involvement in HR investigations. This article will seek to lay out the reasons I believe having IS perform HR support functions is an extremely bad idea, in hopes that it will empower organizations to better articulate resistance to such integration. Having IS perform HR investigations is a deviation from IS purpose, requires training IS is not given, and fails to deliver positive outcomes for IS in all but limited circumstances.

Securing Your Raspberry Pi

Raspberry Pi is a wonderful, low-cost device that's perfect for security and home automation projects. Unfortunately, Raspbian, the officially supported operating system for the Raspberry Pi, places an emphasis on usability and approachability over security. This certainly doesn't mean, however, that Raspbian is insecure. It just means that you're going to have to take some extra time and make some extra effort to secure your Raspberry Pi device.

IoT Framework Security Considerations

Designing a secure IoT solution depends on a number of security considerations. One of the most important considerations is the use of a secure IoT framework for building your ecosystem. Using a secure framework ensures that developers don't overlook security considerations and allows for rapid application development. Ideally, a framework has security components baked in, so that it provides security by default and developers don't have to think about it. This frees developers and architects to focus on features and capabilities without burdening their development efforts with security considerations (or mistakes).