Modern security and policy compliance assessment solutions coalesce IT security and regulatory management efforts more effectively.

It seems information security is getting to the front line of business imperatives. More than ever before, executives are giving IT security and data protection initiatives the attention they've required for some time

The intensity with which attackers exploit endpoint application security isn't going to subside any time soon. For its part, Microsoft has published a security guide to help you better defend this security flashpoint.

Full Disclosure is dead. Let me explain why. The information security world has changed, even if some don't see it or are unwilling to accept it.

Hurtling into our annual Reboot edition, I became conscious of the break-neck speed at which 2007 has come to its end.

The screaming headlines have been running for years. Whether they're in press releases about cybercrime exceeding international drug profits or the billions of dollars lost to breach disclosures or videos highlighting the meltdown of power generators due to a myriad of vulnerabilities, the anti-malware industry has long relied on fear to move their products.

AJAX is hot, and many companies are developing new or porting legacy applications to AJAX to deliver a richer, more vibrant web experience. The risk: AJAX is complex, and security pros need to be aware how the development technique can increase the attack surface of their websites.

The open standard OVAL promises to ease the integration of security applications and help organizations develop security checks for highly-customized networks and applications.

A new vulnerability, termed JavaScript hijacking, was recently identified that specifically affects the rich, interactive interfaces typically associated with Ajax and Web 2.0 applications. The vulnerability, which can occur in any application that uses JavaScript as a data transport mechanism, can compromise the integrity of the vulnerable website, as well as expose users sensitive private information. JavaScript hijacking represents a new and critical attack vector that organizations developing Web 2.0 applications should take immediate steps to avoid. In other words, its hot.