Publicly Traded Companies Read This Blog
I think some publicly traded companies read this blog! Ok, maybe I'm dreaming, but consider the story "After Google hack, warnings pop up in SEC filings" by Robert McMillan:
Five months after Google was hit by hackers looking to steal its secrets, technology companies are increasingly warning their shareholders that they may be materially affected by hacking attempts designed to take valuable intellectual property.
In the past few months Google, Intel, Symantec and Northrop Grumman -- all companies thought to have been targets of a widespread spying operation -- have added new warnings to their U.S. Securities and Exchange Commission filings informing investors of the risks of computer attacks...
Google warned that it could lose customers following a breach, as users question the effectiveness of its security. "Because the techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently and often are not recognized until launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures," the company said in the filing.
Google's admission that it had been targeted put a public spotlight on a problem that had been growing for years: targeted attacks, known to security professionals as the advanced persistent threat (APT)...
So how do I know they read my blog? Check out my February 2008 post "Justifying Digital Security via 10-K Risk Factors":
Perhaps digital security could try aligning itself with the risk factors in the company 10-K?
More directly, check out my May 2009 post "President Obama's Real Speech on Cyber Security":
We will work with Congress to establish a national breach disclosure law, and we will require publicly traded companies to outline digital risks in their annual 10-K filings.
Well, the President didn't say that (I did), but thankfully companies are not waiting around for President Obama to be a real information security leader.
Comments
The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
Do you seriously believe you are helping anyone by spamming on people's blogs? How does OWASP even relate to this? Rich is talking about government sponsored computer espionage. I'm sorry, I didn't see a section on OWASP.org where you help with this. In fact, you probably can't b/c if you read what gets posted here then you would realize that the super-minority of these intruders exploit web application vulnerabilities.
Stop spamming OWASP everywhere and let their content advertise for itself. If it was useful, someone would have commented about it for its merits.
Cause I could use a money.
Tom Brennan once name-dropped OWASP during a eulogy for a family member.
For example, a comment about online pharmacies, on a blog post about animal husbandry, can be measured at 3 Brennans, based on the direct ratio of orthogonality of the comment to the topic at hand.
-LonerVamp