Recent Posts

The wrong solution to a major problem

Supply Chain Risk Management is the name of a big security problem in the business world. It is so important that there isn't a single security framework that doesn't include Supply Chain Risk Management in its agenda, guidance, and suggested controls. NIST has a set of resources on the topic, but it is not the only organization that is addressing this problem.

Oracle Wallets for credential storage

If you're developing for the web (or something else) and you need to connect to an Oracle database, such as an Oracle Autonomous Database that comes for free with the Oracle Cloud Free Tier, you may run into the typical problem of storing database connection credentials in configuration files and scripts. Oracle has, however, long had a feature called Oracle Wallet that can help you manage these connections more securely. Keep in mind that Oracle is migrating away from Wallets, but my understanding is that this is a response to usability concerns, as the security standard is not maintained in the new set-up.

A leader uses DNS to educate

Once upon a time I spent a total of 4 hours (over three days) in meetings, stating that I would definitely not approve a security exception. At least, not until someone demonstrated that the requested exception removes the root cause or is a valid workaround.

Vulnerability and Patch management

During the last 3 months I got into discussions about patch and vulnerability management more times than expected. I have to say, there is much misunderstanding going around about these two processes; so much that I could argue that several organizations are exposing themselves significantly, just because the touch points and (lack of) dependencies in these two processes are not clear.

Oracle Cloud challenges

I love challenges, and working with Oracle products has always been a challenge for me. This love/hate relationship started ~20 years ago when I could not set up the first version of Oracle Internet Directory, following the documentation word by word! I had to "fix" several scripts to make it install, and in the end, even though it installed, it still wouldn't work... It was the only product I cared about enough to remember that failure after so many years. Or maybe, the only product I failed to tame.