HP announced on June 19th that it would acquire SPI Dynamics, a provider of security testing technology. The announcement came on the heels of the Watchfire acquisition by IBM. These two acquisitions highlighted the industry's increasing interest in application security. HP's Mercury with SPI's WebInspect makes a very compelling offering for comprehensive software testing (performance, functionality, and security). Similar results should ensue for the Watchfire acquisition. It is great to see that application security is finally getting the attention that it deserves. With the two platform providers, HP and IBM, taking on security testing tools, we should see more market uptake on application security measures, which is exciting for those of us in the security space.
Sometimes at Forrester, if we're looking for a fight, the security and risk management team will kick off discussions on the difference between privacy and security. Slashdot contributor Bennett Haselton wrote an article for Slashdot that is a great example of the difference. The example looks at membership lists for certain websites.
To throw my two cents into the argument, I define privacy as the appropriate use of information, whereas security is CIA: confidentiality, integrity and availability. You can't have privacy without security, since you still need to keep the data away from the bad guys, but privacy is also concerned about using that information properly. For instance, your grocery store likely already knows what food you buy. What if they sold that information to the weight-loss center down the street so they could target you? It's not a security violation, but it certainly feels like a privacy one!