Walks like a Black Duck: Docker’s security teaseware tool unmasked

I read of Docker’s June 6 announcement about a new online security-vetting tool for its containers. Yes, it’s a step forward. But it’s not Docker’s.

Last week, I received a briefing and did a proof-of-concept test on another SaaS container-checking tool, Black Duck’s Security Checker.  

Hmmmm. Docker’s tool quacks like a Black Duck.

After some quick queries, I confirmed that these tools are indeed the same.

The short of it is this: there are two SaaS front ends pointing to the same tool—Black Duck’s Hub product, which vets, among other things, Docker containers. You get three free tests at Black Duck. However, at Docker, it’s FREE-AS-IN-BEER until Aug. 1, 2016. You pick. It’s subscription-only afterwards, unless the model changes. 

Underwhelmed by UL’s announcement

Today, Underwriters Laboratory announced the UL CyberSecurity Assurance Program. I won’t call it an oxymoron, but I’m deeply worried about it. While I have faith in UL, I’m not sure if they realize the breadth and depth of what they’re getting into.

UL is the reason there are only small holes in appliances and CE gear. Why? So an average toddler can’t stick something inside and be electrocuted. UL helps product vendors have liability insurance within sane ranges. They promulgate standards that vendors are responsible for adhering to for insurance’s sake. Test labs do the rest, ensuring that First Article Samples (and then, perhaps subsequent production samples) of products adhere to a bevy of standards—all designed to make products safer but at least insurable.

Skyport eases the pain of deploying and securing remote servers

Skyport does one thing, and it does it well. Skyport offers SkySecure Server, a remotely deployable platform for Windows and/or Linux virtual machines in a fortress-like environment.

You can rent one for $2,500 per month, or less.

Skyport SkySecure Servers solve a major pain point for IT execs looking for control over their remote servers. Skyport provides a hardened server that can be safely deployed to off-premises locations with little to no pre-configuration headaches.

It comes pre-built and ready to host and secure either their list or your qualified list of popular host operating systems as VMs. Once deployed, it’s largely tamper-proof, and its subsequent use is done remotely, securely, with full online-monitoring control. Skyport is as security-paranoid as we are; therefore we liked it, finding only a few foibles.
