Software Integrity

Archive for May 2015

Why you fix Logjam later

The Internet is buzzing with talk of “Logjam,” a vulnerability in Diffie-Hellman key exchange that allows us to downgrade the cryptography on a connection to something practical to decrypt. An attack leveraging Logjam would be able to see in the clear all the communications that the user thought were encrypted. This issue should be a non-event […]

Posted in Application Security, Vulnerability Assessment

How does IEEE help protect against software development design flaws?

One of the main focuses of the Software Security industry is ensuring that all code is clear of bugs. But this is only half of the problem. The other half is the design flaws in the application's coding, which can be avoided in the earlier stages. Examples of this include forgetting to authenticate the […]

Posted in Security Conference or Event, Software Architecture and Design, Vulnerability Assessment

Building meaningful security metrics

Many people in various security disciplines are looking to metrics as a way to demonstrate the efficacy of their efforts and show continuous process improvement. Unfortunately, poorly constructed metrics usually create more confusion than insight. If I told you that testing discovered nine critical vulnerabilities last month, what knowledge have I imparted? Does it clarify […]

Posted in Security Metrics, Software Security Program Development

Home security is a lot like AppSec

Your front door is locked, but is your basement window? For the average home, the front door is likely the most heavily fortified entry point and, therefore, the hardest to compromise. Similarly, it is a natural inclination to rank applications by perceived risk and then concentrate application security testing on those applications with the highest […]

Posted in Application Security, Data Breach, Vulnerability Assessment, Web Application Security

Medical app users: How safe is your personal information?

I recently attended the MobCon Digital Health conference in downtown Minneapolis, which highlighted the healthcare hot topic: mobile digital health. The sessions I attended ranged from FDA representative Bakul Patel’s on FDA’s classification of mobile apps to PhysIQ and the Mayo Clinic’s combined talk about remote care platform opportunities and challenges. While these sessions focused […]

Posted in Application Security, Healthcare Security, Medical Device Security