Software Integrity

Archive for January 2015


Security researchers expose bugs and their vendors

In this day and age, when applications are constantly scrutinized and found to have bugs, the communication around reporting them has stirred much controversy. This is especially true in the eyes of security researchers. Many firms have done a poor job of listening to the individuals who notify them of bugs. This leads not only to frustration, […]


Posted in Application Security, Software Security Testing, Vulnerability Assessment


Real world scenarios of unannounced security vulnerabilities

In the fall, the headlines were littered with news of the “iCloud Data Breach.” It exposed nude photographs of celebrities and potentially left every iCloud account open to the same exposure, the result of a lapse in proper security controls. Fingers were pointed, and people and companies were blamed for the breach. However, it all boils down to a lapse […]


Posted in Cloud Security, Data Breach, Mobile Application Security, Software Security Testing


Medical device security: Building it in or bolting it on?

Medical device security is making strides. However, one area that isn’t being addressed is patching. A webinar I attended described a hospital that performed a reconnaissance sweep of its own network and found several hundred Windows XP machines. None of them had any service pack applied; these machines were running the initial release of Windows XP. The medical device […]


Posted in Healthcare Security, Medical Device Security, Software Development Life Cycle (SDLC), Software Security Testing, Vulnerability Assessment


The split views on the 30-day data breach notification laws

This week there has been much conversation around President Obama’s proposed law calling for organizations to publicly disclose breaches within a 30-day window. With 47 different state laws on the books, this would provide uniformity across the states and give organizations clarity about what they must do regardless of their own or their customers’ locations. Recent […]


Posted in Data Breach


5 security new year’s resolutions

Happy 2015! With the dawn of the New Year, we are betting you have made some resolutions, like losing weight, getting a promotion, or finally taking the two minutes to delete the unwanted U2 album from your iTunes account. But why not up your security game while you’re at it? Here is a list of […]


Posted in Application Security, Security Risk Assessment, Security Training


Making strides in medical device security

Medical device security is hard, and there is no denying that most medical devices, especially those connected to the Internet, lack adequate security controls. As Dr. Gary McGraw and I discussed in our Search Security article, there is a lot of work to be done in the domain of medical device security. But the good […]


Posted in Healthcare Security, Medical Device Security, Software Security Testing