Weekend Reads 092019

Despite its overwhelming advantages, open source adoption is inhibited by concerns about the availability of reliable support, which is often needed to address security concerns. That is one of eight conclusions from the survey The New Stack conducted with Tidelift. —Lawrence Hecht

Whether it is to justify spending, quantify risk, or generally keep the executive suite up on security doings, CISOs' discussions are now awash in dashboards, charts, and key performance indicators. The only problem? A lot of the numbers security teams and their leadership use are, well, not very useful. —Ericka Chickowski

The Internet Association (IA) is a trade group funded by some of the largest tech companies in the world, including Google, Microsoft, Facebook, Amazon, and Uber. Many of its members keep their lights on by tracking users and monetizing their personal data. So why do they want a federal consumer privacy law? —Bennett Cyphers

MITRE today published a draft of the Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors, a list of the most widespread and critical weaknesses that could lead to severe software vulnerabilities, as the organization explained in a release on the news. —Kelly Sheridan

In July 2019, Capital One made news headlines not for achieving another milestone but because it had been breached. Capital One was using AWS cloud services, as many businesses are doing nowadays. The problem stemmed (in part) because Capital One had a misconfigured open-source Web Application Firewall (WAF) hosted in the cloud with Amazon Web Services (AWS). —Anastasios Arampatzis

With few commercial participants, early free software and open source communities were, by definition, community-led. Software was designed and created organically by communities of users in response to their needs and inspiration. The results, to a degree nobody predicted, were often magical. —Donald Fisher

This article is an overview of how proxy servers form the basis of online anonymity. We’ll discuss how you can use proxies to help both users and web applications. —Victoria Drake

For six years, the site RegExCrossword.com has been offering crossword puzzles made from programming language regular expressions. “Welcome to the fantastic world of nerdy regex fun!” reads a greeting on its home page. —David Cassel

Immediately after Mozilla announced its plan to soon enable ‘DNS over HTTPS’ (DoH) by default for Firefox users in the United States, Google today says it is planning an experiment with the privacy-focused technology in its upcoming Chrome 78. —Swati Khandelwal