In a day and age where applications are constantly surveyed and found to have bugs, the communication behind reporting them has stirred much controversy. This is especially true in the eyes of security researchers. Many firms have done a poor job listening to the individuals who notify them of bugs. This leads not only to frustration, […]
In the fall, the headlines were littered with news of the “iCloud Data Breach.” This exposed nude photographs of celebrities and potentially left all iCloud accounts vulnerable to exposure. A lapse in proper security controls. Fingers were pointed and people and companies were blamed for the breach. However, it all boils down to a lapse […]
Medical device security is making strides. However, one area that isn’t being addressed is patching. A webinar I attended described a hospital which performed a reconnaissance of their network and found several hundred Windows XP machines. There was no service pack revision; these machines were running the initial release of Windows XP. The medical device […]
Posted in Healthcare Security, Medical Device Security, Software Development Life Cycle (SDLC), Software Security Testing, Vulnerability Assessment | Comments Off on Medical device security: Building it in or bolting it on?
This week there has been much conversation around President Obama’s proposed law calling for organizations to publicly disclose breaches within a 30-day window. With 47 different laws on the books, this would provide uniformity across the states and provide clarity to organizations about what they must do regardless of their or their customers’ locations. Recent […]
Posted in Data Breach | Comments Off on The split views on the 30-day data breach notification laws
Happy 2015! With the dawn of the New Year we are betting you have made some resolutions, like losing weight, getting a promotion, or finally taking the two minutes to delete the unwanted U2 album from your iTunes account. But why not up your security game while you’re at it? Here is a list of […]
Medical device security is hard and there is no denying that most medical devices, especially those connected to the Internet, lack adequate security controls. As Dr. Gary McGraw and I discussed in our Search Security article, there is a lot of work to be done in the domain of medical device security. But, the good […]