Software Integrity

With apologies to the late Adams Douglas Adams, writing a checker is hard. You just won’t believe how vastly, hugely, mind-bogglingly hard it is. I mean, you may think it’s difficult to pull together a purchase order for a new bit of software, but that’s just peanuts to writing a checker. Truth be told, writing […]

Continue Reading...

The Apache Software Foundation’s legal group is an interesting microcosm in which to study open source license issues. Generally, what the Apache Software Foundation (ASF) deems good is good for companies looking to consume open source, and what’s not is not. So their open discussions are useful to monitor if you want to keep tabs […]

Continue Reading...

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Facing off with Google, Snap out of it, and Password protection. Watch this week’s episode taped live at Black Hat USA 2018. Inside Google’s plan […]

Continue Reading...

This is the first post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. Aligning static analysis with development goals Application security responsibilities are shifting to the developer as organizations look to produce secure, high-quality software at a competitive pace. Because of […]

Continue Reading...

Security researchers Jonathan Butts and Billy Rios wanted to make it clear at the beginning of their presentation. “The benefits of implanted medical devices outweigh the risks (for most people),” read one of their opening slides. But they probably wouldn’t have been doing a session at Black Hat titled “Understanding and Exploiting Implanted Medical Devices” […]

Continue Reading...

Any effort to overhaul the cyber security of connected medical devices is likely to take considerable time and energy. Given that many of them are made to last decades, securing them while they’re in use can make turning an ocean liner look positively nimble. Still, the announcement last month by the Federal Food and Drug […]

Continue Reading...

Google’s famous “Don’t be evil” motto got a corollary this week at Black Hat from Parisa Tabriz, director of engineering for the company’s Project Zero: “Do things better.” “We have a responsibility to do things better. Computer security is becoming the security of the world,” she said during her Wednesday morning keynote in Mandalay Bay’s […]

Continue Reading...

We keep hearing that privacy is dead. But there is a good chance that a lot of us still aren’t aware of just how dead. So this week Synopsys presented codenomi-con, in connection with the Black Hat conference in Las Vegas, offering reminders about that reality in both government and the private sector. At the […]

Continue Reading...

What does cyber security mean for connected medical devices? Recently, the U.S. Food and Drug Administration (FDA) officially announced that it formally recognizes UL 2900-2-1. The announcement follows up the FDA’s acceptance last year of UL 2900-1, the first publication in the UL 2900 series of standards for cyber security. UL-2900-2-1 is the first FDA […]

Continue Reading...

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Lock the vote (election insecurity), “Spamalot” returns for a second act, and SamSam hits a grand slam as a heavy ransomware hitter. Electoral trust meets […]

Continue Reading...