The RSA Conference in San Francisco, CA just concluded and it was overflowing with the latest security information, insights and news. There’s been a lot of buzz about this security event and we’ve compiled a few of those links for you.

Studies and research

  • NSS Labs Study on social attack aversion – NSS Labs released its latest study on how well web browsers avoid social engineering attacks.
  • Veracode’s State of Application Security – Around 58 percent of the applications tested by application security testing service provider Veracode in the past year-and-a-half failed to achieve a successful rating in their first round of testing.
  • McAfee on intellectual property risks – McAfee analyzed Perforce, a commonly used software product for housing intellectual property, and released its findings during a session at the RSA security conference.
  • Fifteen Common Activities from BSIMM2 – In addition to highlighting the fifteen most common BSIMM activities, the article also makes the 30-firm data for all 110 activities public for the first time.

Presentations and sessions

Some announcements and news from the conference floor

Interviews (links redirect to MP3 podcasts)

  • Jennifer Bayuk – She says that audits do not break down; it’s the response to them that fails.
  • Mark Bower, Voltage Security – The director from Voltage Security speaks about E2EE, how it will affect merchants and what we might be seeing in the future from Voltage SecureData Payments POS SDK.
  • Andy Hayter, ICSA Labs – This interview with ICSA Labs discusses anti-virus testing, education of consumers and a new initiative to use the testing ICSA does in the real world.
  • Pedro Bustamante, Panda Security – A senior analyst at Panda Security explains his company’s cloud AV product and USB vaccine.
  • Scott Charney, Microsoft – A post-talk Q&A with the VP of Trustworthy Computing at Microsoft about quarantining of infected computers away from the Internet.
  • Anton Chuvakin, “Security Warrior” – Anton Chuvakin talks about PCI compliance and log management.
  • Edward Haletky, Anton Chuvakin – Edward Haletky chats with Anton Chuvakin about the benefits of virtualization and the issues it faces.
  • Jan Hichert, Astaro Internet Security – The CEO of Astaro shares the company’s new security products and how it is using them in social media environments.
  • Chris Hoff, Cisco – Chris Hoff explains a bit about cloud computing and virtualization.
  • Mikko Hypponen, F-Secure – The chief research officer of F-Secure converses about malware and how it is evolving to new platforms.
  • Jonathan Penn, Forrester – Jonathan Penn of Forrester discusses compliance and why it isn’t equal to security.
  • Marty Roesch, Sourcefire – Roesch talks about the security existential crisis, Immunet and virtual appliances.
  • Bob Russo, PCI Security Standards Council – Bob Russo, general manager of PCI Security Standards Council, stresses the importance of looking at your security logs and not just turning them on.
  • Roel Schouwenberg, Kaspersky Lab – A conversation with the senior AV researcher of Kaspersky on APT, signature-based APT and other topics.
  • Hord Tipton, (ISC)2 – The executive director of International Information Systems Security Certification Consortium expounds on the Safe & Secure Online program and other topics.
  • Jacob West, Jeremiah Grossman – Two security experts share what they see as the most common vulnerabilities out there and the incentives of the ones who exploit them.

Software downloads

  • VerIS Framework – Verizon released its framework for analyzing forensics data to help give organizations a better look into their data breaches.
  • Playbook – Matasano offers a virtual appliance that scans for any firewall rules that are outdated, redundant, or could potentially expose a network to security threats.
  • Forefront Identity Manager 2010 – Microsoft released its new identity management software, a system corporations can use to manage employees and others within an organization.

Finally, here is the official photo set from the conference and the compilation of video and audio from the keynote presentations. Watch out for RSA Europe coming this October.