We launched a new blog to share some thoughts about the security practices at my employer.
The blog is here: http://www.thesecuritypractice.com/.
The basic introduction and purpose can be found here: http://www.thesecuritypractice.com/the_security_practice/who-are-we.html
And, a post about Firefox-3.0's handling of self-signed certificates can be found here.
This was in reaction to a piece published on Risks a bit ago - "Firefox 3's Step Backwards For Self-Signed Certificates".