It’s on my professional site (where my resume would be if I were looking hard for another job), but I wrote a bunch of articles (Security notes, Best Practices, etc.) for Adobe, back before it was Adobe, and before even it was Macromedia, but when it was Allaire, and I was Product Security Manager/Security Response Team Coordinator there.
It was a nice job. Had some drawbacks in that QA/Security reported to Marketing on the Organizational Chart instead of, you know, IT, but it was a good job.
I note, looking at these articles now, that the ones that are still credited to me (I wrote a number of security advisories that I’ll try to find too) are credited to me as a Consultant, though at the time I was a salaried employee with the title “Product Security Manager” or “Security Response Team Coordinator” instead. I am still a bit more pleased with being credited as a consultant. It is a title not undeserved.
Anyway, if you want to look at the old writing (from 2001/2002), here are the links (these open in your same window):
- Formal Trust and Authentication
- How to Design Secure Web Applications
- Prioritizing Network and Server Security Procedures
- Top Five ColdFusion Security Issues
Here is a sampling of the Security Bulletins I wrote (none of them are credited) or significantly updated (I was there from 2001 – 2002):
- ASB00-05: Cross-Site Scripting Vulnerability Information for Allaire Customers
- MPSB01-08: Best practice recommended to address new security issue in example applications released with ColdFusion Server versions 4.x and earlier
- MPSB01-11: The CFEXECUTE tag should be disabled when using ColdFusion Sandbox Security (Operating System type) on Windows