Michal Zalewski writes well not only about information security topics, but also about international perspectives on politics. Here, he discusses some of the realities of gun control in the USA. I am a pacifist, but I also find myself frustrated and appalled by most discussions about gun control. One of many examples: The USA is huge, and contains lots of guns. If you want to use electoral politics to effectively get them out of the hands of citizens, you have to address the reality that it would currently require mass confiscation by already-militarized law enforcement forces and national intelligence/security agencies, both of which are well known to be highly abusive of their powers. Cultural change is much slower, and requires a lot more understanding and honesty.
I do a lot of work in application security. I don’t typically recommend Web Application Firewalls as one of a team’s first application defenses. Why? They require a lot of work to set up and maintain, if you want them to be broadly effective. For most security programs, that time is better spent preventing and fixing software security bugs in the first place. There are some exceptions, however (mature security programs with good funding, vendor software that can’t be fixed or replaced, broad issues that require coordinated re-engineering, etc.). At re:Invent, Amazon released details on their new WAF offering for their cloud services. I haven’t had a chance to check this out yet, but I am interested to check it out and see how it stacks up against third-party options that are out there.