Posted by:
admin
9 years, 6 months ago
If you haven't read Gunnar Peterson's post Security, Fast and Slow, please do so now. It is about how Security's natural tendencies grate the natural tendencies of Development. Security needs to adapt to make it easier for Development to make the right decisions to bridges such gaps. I now call these "Gunnar Gaps".
As a security vendor, I wonder what we do to that might create or hopefully bridge such gaps. The best thing I think we do for developers is have easily downloadable API code examples that are LGPL-licensed. This means that a developer can quickly setup a WiKID server in a lab and integrate our API into their code base without talking to a sales person or worrying about licensing (LGPL allows you to use the code in a commercial application without releasing the code as open source).
Josh Corman hit on this same idea:
Devs don't want paywalls, sales people, web forms that require email addresses, etc when working on projects. That's pure friction and gap-creation.
Devs like well documented code. And the best documentation is examples. We actually like providing example code that developers can cut and paste. It allows them to focus on exactly the functionality they need and it creates a much tighter feed-back loop to us. So, bridging the gap to developers works both ways and makes our product better too.
Share on Twitter Share on FacebookRecent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)