News

18 June 2006

Thanks to an a**hat named 'dylebron' who self-registered on this website, for a brief period today the front page of securitymetrics.org was defaced. It has been fixed, but the contents are not the same as before. To partially mitigate issues such as these, I've added a versioning capability to the wiki. That won't stop future defacements, but it will mean page authors can roll back changes when they like.

27 April 2006

Securitymetrics.org has moved from its previous hosting provider to a spanking brand new one. Our new provider, eApps, has significant experience hosting Java applications. The price is right, too. Highly recommended.

11 February 2006

Just in time for the 2006 RSA Security Conference, we've upgraded the site to JSPWiki 2.3. This version features a completely overhauled security subsystem written by yours truly. The 2.3 version gets us RSS feeds, too! Finally, the look-and-feel is now using a theme called 'mint', also by you-know-who. Direct rants and raves to Andrew Jaquith; see the Who We Are page for the e-mail address.

24 October 2005

Just in case you were paying attention, the site was up and down (mostly down) all weekend. Did a major upgrade to the Tomcat web container; we are now running a patched 5.5.12 build. The registration application gets some minor tweaks, including a reminder to register with the mailing list (this must be done separately). When new users register, the site administrator (yours truly) receives e-mail notifications. Swell.

20 April 2005

Re-purposed the Welcome page as a metrics blog. This required small changes to the style sheet (CSS) and the Apache configuration, but no code changes.

3 December 2004

Added an "Editorials" page to the LeftMenu wiki page.

24 November 2004

Upgraded Tomcat to the latest stable version from Jakarta. Looks like it will provide a nice performance bump. Also upgraded the JSPWiki application to a recent CVS snapshot version; this version includes the blazingly-fast Lucene full-text indexer.

16 November 2004

Fixed three bugs: the cookie checker on the login page was failing; unauthenticated users clicking "Edit this page" were always being directed to the Welcome page after login; unauthenticated users couldn't retrieve attachments. The first two required a small fix to my cookie-checker JSP taglib; the second was a simple Apache JK mapping. Sometimes the server configuration is a bit too secure for its own good! On a positive note, the server had been operating for nearly 40 days continuously, so that's proof positive that the September and October fixes were worth it.

5 October 2004

Fixed a moronic init script error preventing Tomcat from auto-starting when the server gets bounced. Tomcat now auto-starts nicely, just like it should. I expect much improved uptime...

24 September 2004

Performed a major upgrade of the web server configuration. I am now using a super-stripped configuration that is as minimized as I can get, based in part on Arthur Maj's excellent Apache hardening guides. On a side note, the stability issues from earlier September appear to be largely solved.

4 September 2005

We've been having some instability issues with the site. Tomcat seems to run out of memory every few days. I've made some changes to the configuration; we'll see if it helps. It should.

24 August 2004

Fixed a small issue; the file-upload feature (available only to logged-in members) was b0rked due to an excessively restrictive web server configuration.

21 August 2004

The site suffered an extended outage over the last few days. The hosting provider installed a newer version of Apache2, which broke the connector for the servlet container. A simple recompile against the new web server libraries fixed the issue, although it took some time to figure it out. While I was at it, I upgraded the JRE to 1.4.5_05. But we're back now, and everything is nice and snappy.

13 May 2004

On 9 May, the authentication and authorization subsystem was upgraded to JRegistrar 0.2. The upgrade integrates a JAAS-based login module with the servlet container authentication realm. From a user perspective, the only difference is that user names (rather than e-mail addresses) are displayed in page metadata. This is a good thing, since this deprives spam spiders of a source of e-mail addresses. Hey -- we will take our small victories where we can get them. For the curious, details on the user authentication subsystem can be found here.