The Harry Callahan Postulate

What kind of weight do you put on different browser defenses? Process separation? Plugin isolation and sandboxes? Tab isolation? X-Frame-Options, X-XSS-Protection? Built-in reflected XSS protection? NoScript? HSTS, HPKP? Automatic updates? Anti-virus? Safe browsing lists? Instead of creating a matrix to compare browsers, versions, and operating systems, try adopting the Harry Callahan Postulate: Launch your browser. […]

Factor of Ultimate Doom

Vulnerability disclosure presents a complex challenge to the information security community. A reductionist explanation of disclosure arguments need only present two claims. One end of the spectrum goes, “Only the vendor need know so no one else knows the problem exists, which means no one can exploit it.” The information-wants-to-be-free diametric opposition simply states, “Tell […]