HP Acquires SPI Dynamics

HP accounced on June 19th that it would acquire SPI Dynamics, a provider of security testing technology. The announcement came on the heels of the Watchfire acquisition by IBM. These two acquisitions highlighted the industry's increasing interest in application security. HP's Mercury with SPI's WebInspect makes a very compelling offering for comprehensive software testing (performance, functionality, and security). Similar results should ensue for the Watchfire acquisition. It is great to see that application security is finally getting the attention that it deserves. With the two platform providers, HP and IBM, taking on security testing tools, we should see more market uptake on application security measures, which is exciting for those of us in the security space.

Read more

Google Will Now Be Tried As An Adult, Not A Juvenile Offender

For a couple of months now, Google has been a favorite press whipping boy about issues like its DoubleClick acquisition and its new street level search capabilities. It has previously had other privacy issues with offerings like gmail as well. Now, Google has attracted the attention of the FTC and the EU data protection authorities and was also just named the worst offender in the Privacy International study "A Race to the Bottom: Privacy Ranking of Internet Service Companies."

Read more

The difference between privacy and security

Sometimes at Forrester, if we're looking for a fight, the security and risk management team will kick of discussions on the difference between privacy and security. Slashdot contributor Bennett Haselton wrote an article for Slashdot that is a great example of the difference. The example looks at membership lists for certain websites.

To throw my two cents into the argument, I define privacy as the appropriate use of information, whereas security is CIA, confidentiality, integrity and availability. You can't have privacy without security, you still need to keep the data away from the bad guys, but privacy is also concerned about using that information properly. For instance, your grocery store likely already knows what food you buy, what if they sold that information to the weight-loss center down the street so they could target you. It's not a security violation, but it certainly feels like a privacy one!