Friday, January 1, 2010

Thoughts on 2010

Another decade come and gone. There are really just a few goals I have for myself in 2010, security-wise.

1. Ditch conventional wisdom

I find myself performing or recommending some "best practices" that, frankly, make me feel a little dirty. I intend to start looking at risk with a much more critical eye. (Just for example, I'm not sure I really believe XSS is as critical as the companies selling web app security products would tell you.)

2. Get actionable

This is more of a work thing. I've done a lot of work to increase the volume of security information available. My goal for this year is, in addition to building out more info-gathering capability, to really get to work on automating to the point where important information is correlated and alerted upon automatically. No more digging through irrelevant information looking for the real stuff.

3. Get back to basics

In the last couple of years, I've really gotten away from vulnerability research and exploit development, which is too bad because that's really what I am most interested in. I plan to devote some time to those activities this year.