Software Integrity

WPA2? The weekend of Friday the 13th took a frightening turn—even for those of us who aren’t superstitious—when detrimental weaknesses were discovered in Wi-Fi Protected Access II (WPA2), the protocol responsible for securing Wi-Fi networks. WPA2 was first made available back in 2004 and has been required on all Wi-Fi branded devices since March 2006. […]

What happened and what can we learn? There’s been some very big news in the cryptographic world this week. So far, several technology news sites have highlighted the impact of a new vulnerability on Estonian and Slovakian smartcards, but the reach of this vulnerability is far wider than that. Five security researchers have just announced […]

What are Security Champions? Security Champions are developers who have a direct impact on the resiliency and security of their firm’s software. They are enthusiastic volunteers willing to participate in advanced software security training to perform an important role. They are also a part of a greater community of Champions exchanging ideas and techniques. Since […]

As you’re probably well aware, application security is a major issue among software developers and users. After all, a breach caused by an overlooked issue, as was the case for Equifax’s recent attack, can impact millions around the globe. The rise of high-profile ransomware and DDoS attacks is causing more and more developers to realize […]

Over the past year, Synopsys’ Gary McGraw has hosted 12 women making an impact on the security industry in his monthly Silver Bullet Security Podcast. The podcast features in-depth conversations with security gurus. Past guests include technologists, academics, business leaders, and government officials. A year ago, McGraw set out to focus his efforts on finding […]

Several frameworks have been proposed to evaluate the security of biometric systems. Popular ones include the simpler Ratha’s framework [1] and the enhanced Bartlow and Cukic framework [2]. To employ these frameworks to evaluate iPhone X’s biometric security, we need a lot of data points that we don’t have yet. We won’t speculate on the […]

A list of critical web application security vulnerabilities is a necessary risk management tool. Equally true is that each organization has a different set of vulnerabilities plaguing their applications. To complete a trifecta of fundamental truths, crowdsourced lists such as the OWASP Top 10 rarely reflect an individual organization’s priorities. Given all that, many organizations […]

Over the past decade, most organizations have established a well-oiled process for software development and maintenance. We refer to this as the software development life cycle (SDLC). However, advancing security threats relating to insecure software have brought the focus to security implementation within the SDLC without hampering quality. Let’s examine a few strategies to implement security […]

I am often posed the question, how do you manage to staff security professionals in such a competitive market? Our team has even been asked to help top-tier clients fill their own internal vacancies. So what makes us effective? Secure executive support It is very common for recruiting departments to be treated as administrative support […]

Fault Injection is a podcast from Synopsys that digs deep into software quality and security issues. This week, hosts Robert Vamosi, CISSP and security strategist at Synopsys, and Chris Clark, principal security engineer at Synopsys, interview Sammy Migues, principal scientist here at Synopsys, about the new Building Security In Maturity Model (BSIMM) 8 report. You […]
