Blog

We couldn't be more delighted to announce our brand new project. Hardenize Policy is our effort to address the root causes of slow adoption of new security standards. We believe that the sheer number of available standards, their complexity, and the fast pace of change is a significant barrier for many. Hardenize Policy will provide a comprehensive guide to a wide range of network and security standards in a format that's easy to consume. Our first instalment covers security of email infrastructure, with additional documents to follow.

This announcement is very personal for me, because I've spent a big part of my professional life addressing a simple problem that's difficult to fix: lack of good documentation. I believe that everyone wants to do the right thing, it's just that it's not always clear what that is.

There are several reasons why we don't get to have good documentation. For example, traditional publishing is often "fire and forget", which leads to books that age quickly and are never updated. There's a similar problem with articles, which are often accurate when published, but become obsolete quickly. On top of that, we don't reward people who produce good documentation. It very often takes an enormous amount of time to research a topic and write it up, and the time spent can never be truly recovered in the financial sense.

I somehow made it my goal to try to fix this situation. I've been writing documentation, in one form or another, for a very long time now. My first book, Apache Security, was published in 2005. My most recent book, Bulletproof SSL and TLS, was published in 2014, but it's actively maintained, which means that it's still up to date, seven years later.

Hardenize Policy is a continuation of this long-term effort. With Bulletproof SSL and TLS I feel that I am providing a single reliable and comprehensive resource for TLS and PKI. With Hardenize Policy, we wish to do the same for a wide range of network and security standards.