Security-Related Blogs and Podcasts

• Blogs
• Bruce Schneier is a prominent cryptographer, entrepreneur, and security writer and speaker. His blog draws a lot of readers, and thus many comments. This is a good place to go for reliable information and wide-ranging discussion thereof. Schneier also has a very good monthly e-mail newsletter,
• Martin McKeay's blog. The Network Security Podcast is also accessible from here.
• Avi Rubin, a CS professor at Hopkins, a top expert on voting technology, and a Baltimore County election judge. Don't take the April 1 entry too seriously.
• Lauren Weinstein's blog. Weinstein is a well-known writer and speaker on privacy issues, and a regular contributor to the Communications of the ACM's "Inside Risks" column.
• Gunnar Peterson
• F-Secure has a blog which doesn't seem too overtly commercial.
• Anton Chuvakin
• Rich Mogull, one of the presenters of the Network Security Podcast
• Kurt Wismer
• James Costello
• A news-oriented blog from the folks at About.com
• Craig Balding
• A blog from the security researchers at Cambridge University
• The EFF's Deeplinks blog. The focus is on privacy. Waiver: I've belonged to the EFF for years.
• The Renesys blog.
• Security Catalyst
• Security Focus
• Podcasts
• The Network Security Podcast. Another feed is here,
• The Silver Bullet Security Podcast. There's also a blog there--see the link near the top of the page.
• The Security Roundtable gathers information security podcasters together to discuss security issues.

Other Links

• Ross Anderson at Cambridge. He's been a major figure in security for awhile and has become a force driving the fields of security engineering and economics of security.
• Marcus Ranum, I especially like his Six Dumbest Ideas in Computer Security. Number 5 directly contradicts a point mentioned repeatedly in IS 430; I tend to agree with Ranum's position. Ranum used to work for the late Trusted Information Systems in nearby Glenwood, MD.
• The Electronic Frontiers Foundation (EFF) is a top-notch electronic privacy organization.
• SANS is a commercial security outfit involved most notably in certification and training. They have mailing lists (all include annoying separate advertising-oriented e-mails). At their web page, maybe the first thing to look at is the resources link.
• The Handbook of Applied Cryptography
• IEEE Security and Privacy Magazine

• To Martens' Course Page
• To Martens' home page
• To the UMBC IS Dept
• To UMBC

, Jeff Martens.