Risk-based vulnerability management

For much of this year I've been advocating for a risk-based vulnerability management approach, rather than the "industry standard" checkbox-based approach. I've been talking to customers, both directly and at various events (such as Red Hat Summit in Boston, Red Hat Summit Connect in Dallas, directly with customers in Singapore, and virtually with customers). A few weeks ago I also published on the Red Hat Security blog: Do all vulnerabilities really matter?

The ...

November 15, 2022 0

Controlling software supply chain security will require new tools, automation and vigilance

Recently I had the opportunity to join a few other Red Hatters to talk about software supply chains with SiliconAngle. They did a writeup "Controlling software supply chain security will require new tools, automation and vigilance" that was great and included the full series of videos.

The interview I did with Luke Hinds can also be seen on YouTube: Vincent Danen and Luke Hinds, Red Hat | Managing Risk In The Digital Supply ...

February 18, 2022 0

Curated, tested and supported: How enterprise vendors mitigate open source supply chain risk

Published on the Red Hat blog, noting here that Curated, tested and supported: How enterprise vendors mitigate open source supply chain risk was posted yesterday. It's an article that talks about supply chain risk and associated costs -- after all, no software is truly "free" (which is why we prefer the term open source to free software). So where is that cost paid? The article explores that.

It also has a Read More

February 01, 2022 0

2021: A Retrospective

I think, like many people, I did not expect to be writing this at the end of 2021 and still be in the COVID-19 pandemic. Simply to get it out of the way because COVID certainly wasn’t the most exciting thing this year, the entire family got COVID in the summer. It wasn’t pleasant, but I’ve had worse. Interestingly, that was when I had the flu in Boston shortly after Spectre/Meltdown was ...

January 03, 2022 1

Linux and Cloud Native Security: Red Hat’s Perspective

I was recently interviewed by my friend Jack Wallen at the New Stack about Linux and cloud native security. This was part of a series they did with a few others.

Linux and Cloud Native Security: Red Hat’s Perspective

November 07, 2021 0

2020: A Retrospective

It's taken me some time to even get to the place where I wanted to stop and think about 2020. We're just over 2 months into 2021 and I've been thinking about writing this since December, but between being plain old tired (physically and mentally) and being busy, every time the thought of writing this came up I shied away, finding some excuse or another not to write it.

But 2020 was too much of ...

March 06, 2021 0

Upgrading FreeNAS to TrueNAS Core

Given it's the holidays and that's when I tend to have time and energy to poke around the house, I decided to upgrade my FreeNAS box to the newer TrueNAS 12 release. The upgrade itself went without a hitch, simply switching from the FreeNAS 11 train to the TrueNAS 12 train was sufficient. However when everything came back, none of my jails started. I have three jails that are used daily: plex, ...

December 22, 2020 0

COVID-19 in Edmonton

While the Alberta government has some excellent visualizations about COVID-19 statistics in Alberta, I felt there was a little too much missing. The province is quite transparent and you can export the data in CSV. Since these days most of my "technical work" is dorking around in spreadsheets, I fiddled with the data a bit. It's not quite to my liking because the data isn't complete. For example it doesn't ...

November 07, 2020 0

Interview about CVSS

I was recently interviewed by my friend Jack Wallen (whom I've known for 20 years as he actually coerced me to start writing for TechRepublic ages ago!). It was about a topic near and dear to my heart: CVSS (or Common Vulnerability Scoring System). With the explosion of security scanning vendors, particularly around containers, the reliance and misunderstanding of CVSS has been a thorn in my side.

I don't often blog about challenges at ...

June 09, 2020 0

An Unexpected Journey

Yesterday we had someone at our home to look at replacing the front and back doors. The rep for the company was exceptionally personable and we probably spent more time with him than the simple transaction of selecting and ordering new doors for our home warranted, but my wife and I are "people" people so we enjoyed the conversation and engaged with this young man. He told us about his life, how he ...

May 09, 2020 0