Dan Geer

IEEE Secur. Priv., 2021

Auto-Update Considered Harmful.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2021

2020

For Good Measure: Counting Broken Links: A Quant's View of Software Supply Chain Security.

[BibT_eX]

[DOI]

Bentz Tozer

John Speed Meyers

Who Will Pay the Piper for Open Source Software Maintenance? Can We Increase Reliability as We Increase Reliance?

[BibT_eX]

[DOI]

George P. Sieniawski

For Good Measure: Security Measurement in the Present Tense.

[BibT_eX]

[DOI]

Security Theater, the Beat Goes On.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2020

Averages don't characterise the heavy tails of ransoms.

[BibT_eX]

[DOI]

Proceedings of the APWG Symposium on Electronic Crime Research, 2020

2019

For Good Measure: Patent Activity as a Measure of Cybersecurity Innovation.

[BibT_eX]

[DOI]

Scott B. Guthery

For Good Measure: The Imperative of Reclaiming Metrics Terminology.

[BibT_eX]

[DOI]

Jason Crabtree

For Good Measure: Is the Cloud Less Secure than On-Prem?

[BibT_eX]

[DOI]

Wade Baker

For Good Measure: Curves of Error.

[BibT_eX]

[DOI]

Failure as Design.

[BibT_eX]

[DOI]

Dale Peterson

IEEE Secur. Priv., 2019

Ownership.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2019

Unknowable Unknowns.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2019

2018

For Good Measure: Nameless Dread.

[BibT_eX]

[DOI]

Paul Vixie

For Good Measure: Remember the Recall.

[BibT_eX]

[DOI]

Mike Roytman

For Good Measure: Between a Block and a Hard Place.

[BibT_eX]

[DOI]

Dan Conway

For Good Measure: Numbers Are Where You Find Them.

[BibT_eX]

[DOI]

You Are What You Eat.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2018

Trading Places.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2018

2017

Cybersecurity Workload Trends.

[BibT_eX]

[DOI]

Eric Jardine

For Good Measure: To Burn or Not to Burn.

[BibT_eX]

[DOI]

Jon Callas

For Good Measure: Letting Go of the Steering Wheel.

[BibT_eX]

[DOI]

For Good Measure: When Opinion Is Data.

[BibT_eX]

[DOI]

Mutual Dependence Demands Mutual Sharing.

[BibT_eX]

[DOI]

Richard Danzig

IEEE Secur. Priv., 2017

Attribution.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2017

2016

For Good Measure: Implications of IoT.

[BibT_eX]

[DOI]

For Good Measure: Paradigm.

[BibT_eX]

[DOI]

For Good Measure: Five Years of Listening to Security Operations.

[BibT_eX]

[DOI]

For Good Measure: Betting on Growth versus Magnitude.

[BibT_eX]

[DOI]

Privacy's Paradigm.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2016

Provenance.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2016

2015

Balkanization from Above.

[BibT_eX]

[DOI]

H. D. Moore

For Good Measure: Much Ado about Metadata.

[BibT_eX]

[DOI]

Dan Conway

For Good Measure: Why Speculate?

[BibT_eX]

[DOI]

For Good Measure: The Denominator.

[BibT_eX]

[DOI]

For Good Measure: The Undiscovered.

[BibT_eX]

[DOI]

For Good Measure: Cyberjobsecurity.

[BibT_eX]

[DOI]

Children of the Magenta.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2015

The Right to Be Unobserved.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2015

Less Is More: Saving the Internet from Itself.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2015

2014

Margin of Safety or Speculation? Measuring Security Book Value.

[BibT_eX]

[DOI]

Gunnar Peterson

Exploring with a Purpose.

[BibT_eX]

[DOI]

Jay Jacobs

Almost Too Big to Fail.

[BibT_eX]

[DOI]

Joshua Corman

Measure Like You Meant It.

[BibT_eX]

[DOI]

Richard Bejtlich

For Good Measure: Stress Analysis.

[BibT_eX]

[DOI]

For Good Measure: Testing.

[BibT_eX]

[DOI]

Inviting More Heartbleed.

[BibT_eX]

[DOI]

Poul-Henning Kamp

IEEE Secur. Priv., 2014

Personal Data and Government Surveillance.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2014

Polarization.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2014

2013

For Good Measure: Security Debt.

[BibT_eX]

[DOI]

Chris Wysopal

Measuring vs. Modeling.

[BibT_eX]

[DOI]

Michael Roytman

For Good Measure: Trending North.

[BibT_eX]

[DOI]

Mukul Pareek

For Good Measure: The Price of Anything Is the Foregone Alternative.

[BibT_eX]

[DOI]

The Times, They Are a Changin'.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2013

On Abandonment.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2013

Identity as Privacy.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2013

Resolved: the internet is no place for critical infrastructure.

[BibT_eX]

[DOI]

Commun. ACM, 2013

2012

The Future of Security Nominal Delivery Draft, Rocky Mountain Information Security Conference, 18 May 2012.

[BibT_eX]

[DOI]

The Future of Security: Criticality, Rejectionists, Risk Tolerance.

[BibT_eX]

[DOI]

ICS Update.

[BibT_eX]

[DOI]

Mukul Pareek

IEEE Secur. Priv., 2012

Progress Is Infectious.

[BibT_eX]

[DOI]

Daniel B. Larremore

IEEE Secur. Priv., 2012

Are You Smarter than the TSA? (Hint: No).

[BibT_eX]

[DOI]

Bob Blakley

IEEE Secur. Priv., 2012

Stand Your Ground.

[BibT_eX]

[DOI]

Jerry Archer

IEEE Secur. Priv., 2012

Risk Aversion.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2012

Numbers Worth Having.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2012

Power. Law.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2012

2011

When $80 Billion Is Not Enough.

[BibT_eX]

[DOI]

Peter Kuper

IEEE Secur. Priv., 2011

Small Is Beautiful, Big Is Inevitable.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2011

Eisenhower Revisited.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2011

Attack Surface Inflation.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2011

New Measures.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2011

Correlation Is Not Causation.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2011

A Time for Choosing.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2011

Does a Rising Tide Lift All Boats?

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2011

2010

Vulnerable Compliance.

[BibT_eX]

[DOI]

Nothing Ventured, Nothing Gained.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2010

A Life Is Short, a Half-Life Is Forever.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2010

An Index of Cybersecurity.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2010

A Time to Rethink.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2010

Fratricide.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2010

2009

Patch Grief with Proverbs.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2009

Risk Concentration.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2009

A Doubt of the Benefit.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2009

Hard Data Is Good to Find.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2009

The 0wned Price Index.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2009

Deskilling Digital Security.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2009

Digital Endosymbiosis.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2009

2008

2008 USENIX Nominating Committee Report.

[BibT_eX]

[DOI]

Michael B. Jones

Security Is a Subset of Reliability.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2008

Type II Reverse Engineering [For Good Measure].

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2008

Strong Attractors.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2008

Beware the IDs of March.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2008

What We Got for Christmas.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2008

Complexity Is the Enemy.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2008

Learn by Analogy or Die Trying.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2008

2007

A Quant Looks at the Future.

[BibT_eX]

[DOI]

The evolution of security.

[BibT_eX]

[DOI]

ACM Queue, 2007

The End of Black and White.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2007

2006

Playing for keeps.

[BibT_eX]

[DOI]

ACM Queue, 2006

Evidently Evidentiary.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2006

2005

Monoculture on the Back of the Envelope.

[BibT_eX]

[DOI]

When Is a Product a Security Product?

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2005

The Problem Statement is the Problem.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2005

2004

Metrics, Economics, and Shared Risk at the National Scale.

[BibT_eX]

[DOI]

Proceedings of the 13th USENIX Security Symposium, August 9-13, 2004, San Diego, CA, USA, 2004

2003

Patch Work.

[BibT_eX]

[DOI]

Getting the Problem Statement Right.

[BibT_eX]

[DOI]

Comments of the National Strategy to Secure Cyberspace.

[BibT_eX]

[DOI]

Information Security: Why the Future Belongs to the Quants.

[BibT_eX]

[DOI]

Kevin Soo Hoo

Andrew Jaquith

IEEE Secur. Priv., 2003

Monoculture.

[BibT_eX]

[DOI]

David Aucsmith

James A. Whittaker

IEEE Secur. Priv., 2003

Risk Management Is Still Where the Money Is.

[BibT_eX]

[DOI]

Computer, 2003

2002

Split-and-Delegate: Threshold Cryptography for the Masses.

[BibT_eX]

[DOI]

Moti Yung

Proceedings of the Financial Cryptography, 6th International Conference, 2002

Penetration Testing: A Duet.

[BibT_eX]

[DOI]

John Harthorne

Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC 2002), 2002

2001

Information security is information risk management.

[BibT_eX]

[DOI]

Bob Blakley

Ellen McDermott

Proceedings of the New Security Paradigms Workshop 2001, 2001

2000

From the President.

[BibT_eX]

[DOI]

1998

Mobile Code Security.

[BibT_eX]

[DOI]

Aviel D. Rubin

IEEE Internet Comput., 1998

A Survey of Web Security.

[BibT_eX]

[DOI]

Aviel D. Rubin

Computer, 1998

1996

Kerberos with Clocks Adrift: History, Protocols, and Implementation.

[BibT_eX]

[DOI]

Donald T. Davis

Comput. Syst., 1996

1995

Kerberos Security with Clocks Adrift.

[BibT_eX]

[DOI]

Don Davis

Proceedings of the 5th USENIX Security Symposium, 1995

1994

Breaking into Banks: Security Lessons Learned from Financial Services.

[BibT_eX]

Proceedings of the 8th Conference on Systems Administration (LISA 1994), 1994

1991

Software and Intellectual Property - Who Owns Your Work?

[BibT_eX]

Rob Kolstad

Proceedings of the Summer 1991 USENIX Conference, Nashville, TE, USA, June 1991, 1991

1990

Project Athena as a Distributed Computer System.

[BibT_eX]

[DOI]

George A. Champine

William Ruh

Computer, 1990

1989

OLC: an on-line consulting system.

[BibT_eX]

[DOI]

Proceedings of the 17th Annual ACM SIGUCCS Conference on User Services, 1989

1988

The Athena Service Management System.

[BibT_eX]

Mark A. Rosenstein