Software Integrity

You’ve probably come across article headlines about parents facing the headache-inducing consequences of their children placing orders online. We’ve reached the day when it has become so easy to shop online that toddlers can (and do) place successful internet orders. In fact, earlier this year, a San Diego news station reported a story about a […]

Today’s electronic systems are more intelligent, more connected, and more at risk than ever before. In fact, a single vulnerability can lead to widespread system-of-systems compromises. Organizations participating in security-critical industries like Aerospace and Defense are especially at risk. About this webinar Cristopher Rommel from VDC and Joe Jarzombek from Synopsys will discuss the results […]

A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other IoT devices) at risk. On Tuesday, IoT researchers at Senrio disclosed a hackable flaw they’re calling “Devil’s Ivy.” Officially known as CVE-2017-9765, the vulnerability is a stack buffer overflow that, if successfully […]

Originally posted on SecurityWeek. 1. Shift Left. 2. Test earlier in the development cycle. 3. Catch flaws in design before they become vulnerabilities. These are all maxims you hear frequently in the discussion surrounding software security. If this is not your first visit to one of my columns it is certainly not the first time […]

There is a sad reality in the software world that developer education and training not only neglect software security, but often teach developers the wrong activities to secure it. This ranges from the ‘get it to work and move on’ habit to insecure code samples in the tutorials and forums we all use when learning new […]

In modern software development, the importance of using free and open source software (FOSS) components to build software products and systems isn’t debatable. Using FOSS components for commonly available functionalities such as logging (e.g., Log4j), text search (e.g., Apache Lucene), and secure communication (e.g., OpenSSL) has become an important factor to speed product time-to-market (TTM). […]

Developing software is an art. Developing safe and secure software is not only an art, but requires a mindset that anticipates potential bugs, security vulnerabilities, and system failures. Both quality and security are hard to add to a product after its inception. It simply isn’t practical to add on to a product as quality and security […]

Bryan Sullivan, a Security Program Manager at Microsoft, called threat modeling a “cornerstone of the SDL” during a Black Hat Conference presentation. He calls it a ‘cornerstone’ because a properly executed threat model: Finds architectural and design flaws that are difficult or impossible to detect through other methods. Identifies the most ‘at-risk’ components. Helps stakeholders […]

No matter what you call it, SecDevOps, DevSecOps, or DevOpsSec, you have to build security into your continuous integration, continuous delivery, and continuous deployment pipeline. This checklist will guide you through the DevSecOps journey—as we’ll call it within this checklist—to assure that you’re integrating security into your pipeline. Here, we’re going to look at each of […]

Much of today’s software is created using third-party code, and why not? After all, it’s quicker and more cost effective than building it from scratch. Using third-party software, however, comes with its own challenges. The recent State of Software Composition Analysis 2017 report explores these challenges. The report is based on the analysis of 128,782 software […]
