RSnake introduced me to this blogging thing about a year and a half ago. At first I hated him for it because after trying it out it felt like another job taking up too much time - something else I had to keep up with and I wasn’t very good at it (writing) anyway. Not wanting to quit I decided to shift the goal to show up #1 on Google for “Jeremiah Grossman” (mission accomplished). I also decided to view this blog as an outlet for whatever personal and Web application security issues happened to be on my mind. Whether or not anyone actually read it was just something I forgot all about.
Then something changed. Traffic grew exponentially (to 10-20K uniques per mo.), I got slashdotted a couple of times, RSS subscribers went WAY up, and the media began to publish articles based upon the content. At the same time I started receiving a lot of extremely positive feedback via email, comments, and even face-to-face. People were coming up to me at conferences all over the world, whom I didn’t previously know, but who knew of me from my blog. People were actually interested in what I posted! The blog became influential. Wow! So then I focused the content towards areas I thought most important and that people wanted to learn about.
Some 300 posts later, present day, what I’m most interested in is the thoughts and everyday experiences of you all - the readers. My surveys and live online roundtables are a reflection of that. The fact is “experts” have a hard time adding value and being timely if we don’t understand the challenges and the problems in the field. That’s why I personally spend as much time as I can conversing with people in the enterprise whose job it is to protect websites. These are the people whom I want to help and whose lives I want to make better and easier. This is where we improve web application security overall.
So here’s my request for all of you this year:
If you know of a topic that I’m glossing over, haven’t talked about, or want me to dig deeper into – please comment below or email me. For example, at the AppSec 2007 conference, someone in the education industry wanted to know how they might comply with PCI-DSS by changing the way they do business and not having to collect credit card data at all. This solution would be an alternative to spending a lot of money protecting the data.