Summary: SecurityCenter 4.7 - A new version of SecurityCenter has been released this week. Measuring What Matters - I read an interesting post this week about security metrics. It was a little story about how the person responsible for security gave a quarterly presentation to management. It did not contain much in the way of metrics, but offered up an entertaining look at the threats, defenses and general happenings surrounding security. After the presentation, he had support for budget, but purposely left out metrics, claiming they could hurt the security budget. What are appropriate metrics? How can they help or hurt you? More PHP Vulnerabilities - Both Nessus and the passive vulnerability scanner got updated this week for detecting vulnerabilities in PHP itself. One of the world's most widely deployed web server technologies now with more patches to apply. Not only are there concerns about the applications being built on the platform, but also the platform itself. What can users do to protect themselves from being yet another PHP vulnerability?
