Vulnerability Fundamentals - Resources
Fundamental Issues
These essays, all by respected technologists or researchers, do an excellent job of highlighting some of the fundamental issues in cybersecurity.
I think they are all worth reading for anyone with an interest in technology.
- The Internet of (Vulnerable) Things: On Hypponen's Law, Security Engineering, and IoT Legislation, by Mikko Hypponen and Linus Nyman.
- Software Liability for Armchair Quarterbacks "People who have never coded beyond the equivalent level of high-school football nonetheless have strong opinions about how the game of professional software engineering should be played.", by Robert Graham.
- Who Pays? Steve Bellovin, Columbia University (My opinion: When Steve Bellovin speaks or writes, one should just listen or read very carefully).
- D-Link tells users to trash old VPN routers over bug too dangerous to identify An example of an RCE vulnerability in an EOL device exposed on the Internet. The vendor tells you to throw it away because there will be no patch.
- Making Security Sustainable: Can there be an Internet of durable goods? Ross Anderson, University of Cambridge.
- IoT Cybersecurity: What's Plan B? by Bruce Schneier.
- My Password Is “Password” (first section of a longer newsletter). "cybersecurity risk is akin to pollution, a cost that the business itself doesn’t fully bear, but that the rest of society does" by Matt Stoller.
- Notes from NANOG 89: BGP Error Handling The last four paragraphs give very deep insights. By Geoff Huston, a member of the Internet Hall of Fame.
- Unsafe at Any CPU Speed: The Designed-in Dangers of Technology and What We Can Do About It Speech by CISA Director Easterly at Carnegie Mellon University (transcript and video).
SDLC - Shift Left
Just one of the many, many resources:
- Minimum Viable Secure Product (MVSP) A list of essential application security controls that should be implemented in enterprise-ready products and services. The controls are designed to be simple to implement and provide a good foundation for building secure and resilient systems and services.