Software Integrity

Fault Injection is a podcast from Synopsys that digs deep into software quality and security issues. This week, hosts Robert Vamosi, CISSP and security strategist at Synopsys, and Chris Clark, principal security engineer at Synopsys, interview Sammy Migues, principal scientist here at Synopsys, about the new Building Security In Maturity Model (BSIMM) 8 report. You […]

Continue Reading...

DevOps enables you to release features and bug remediation efforts faster than ever before through Agile methodologies, CI/CD processes, and open source tools. While traditional security activities have trouble keeping pace with DevOps, it’s also critical not to let security fall behind. Is security tripping you up? As the DevOps revolution continues to advance, security […]

Continue Reading...

Fault Injection is a podcast from Synopsys that digs deep into software quality and security issues. This week, hosts Robert Vamosi, CISSP and security strategist at Synopsys, and Chris Clark, principal security engineer at Synopsys, interview Ken Modeste of UL at this year’s codenomi-con 2017, held at the end of July at the House of […]

Continue Reading...

We are coming up on fall here in the States, and for most of us, that means two big types of kickoffs are happening: new business initiatives and football. Budgets tend to land around the same time as football season, so if you want to enjoy your Sunday kickoffs, follow this list of four impactful […]

Continue Reading...

Initially created to support hands-free headsets, Bluetooth in 2017 is far from a simple wireless technology standard. It has evolved into a much different technology than today’s standard Wi-Fi wireless protocols. Researchers Ben Seri and Gregory Vishnepolsky of Armis Labs examine how complicated the Bluetooth implementation has become by navigating the complex protocol implementations in […]

Continue Reading...

In recent days, more details concerning the Equifax breach have come to light. There’s now speculation that attackers exploited a vulnerability in Apache Struts to steal data. There has also been plenty of speculation regarding the exact vulnerability that may have been exploited. The Apache Struts theory The Apache Struts Program Management Committee released a […]

Continue Reading...

On Sept. 7, Equifax announced that attackers had stolen information from about 143 million people in the United States. Canadian and U.K. residents’ data was also stolen. However, Equifax has not yet revealed the number of people affected. We do not know the exact vulnerability that was exploited. Equifax stated only that “criminals exploited a […]

Continue Reading...

Modern mobile device users often have their devices tightly integrated into daily life. From banking apps to social media feeds, these applications are high visibility targets for hackers and thieves looking to exploit weaknesses or hijack vulnerabilities. By ramping up mobile app security, vendors ensure the safety and security of their users and their infrastructure. […]

Continue Reading...

Most organizations follow common development processes when creating software. Unfortunately, these processes offer little support to construct secure software as they typically identify security defects in the verification (i.e., testing) phase. Fixing defects that late in the software development life cycle (SDLC) is often quite expensive. A better practice is to integrate security activities across […]

Continue Reading...

Originally posted on SecurityWeek.  We have collectively heard the saying, “where there is smoke, there is fire” throughout our lives. And, sure enough, it is true far more often than it is false. I have been seeing a lot of smoke lately, so I suspect that there is an interesting fire burning. First, the smoke […]

Continue Reading...