Software Integrity

Archive for 2016


Classification of open source licenses: A developer’s perspective

Throughout my career, I have used various open source libraries (software or freeware) to build software systems primarily for data management and analytics applications. I knew open source software may be governed by different types of licenses, but I did not necessarily know the details, in particular about those technical and somewhat convoluted licensing conditions […]


Posted in Open Source Licenses


AngularJS 1.6: Life outside the sandbox

AngularJS 1.6 was recently released. With this release comes several impactful changes. One such change to note is the removal of the expression sandbox. This was a predicted change that was first announced in early September. If you haven’t already evaluated the impact of this on your Angular code in preparation for the changes, it’s […]


Posted in JavaScript Security, Software Security Testing, Threat Intelligence, Vulnerability Assessment


How to assess the risk of seemingly correct software

As the prevalence of software continues to trend upwards with time, a common assumption is that it is becoming more feature-rich and reliable. However, most in the software industry wouldn’t hesitate to point out how difficult it actually is to achieve fully-working software. In fact, when calculating software risk, a key assumption is that it […]


Posted in Security Risk Assessment, Software Security Testing


3 areas of open source risk: Legal, security… Do you know the third?

Looking back five or ten years, companies managing open source risk were squarely focused on license risk associated with complying with open source licenses. Beginning in 2014, when open source security vulnerabilities began to get names (like Heartbleed, Shellshock and Poodle), open source security rose in importance as companies addressed vulnerabilities in their code. Black Duck […]


Posted in Legal, Open Source Security, Security Standards and Compliance


5 security industry buzzwords we love to hate

Computing security is an interesting space. One of the main aspects that makes it interesting is that there are many security terms that are ambiguous. With some words, we have no idea why we’ve come to use them! While these buzzwords aren’t going away any time soon, here is a list of buzzwords that most of the […]


Posted in Cloud Security, Ethical Hacking, Software Security Testing


SQL injection cheat sheet: How to prevent attacks

SQL injection takes place when database software can’t tell the difference between arbitrary data from the user and genuine commands from the application. When an attacker injects commands into the data they send to a database, they can take database control away from the application owner. This can lead to data corruption, leaks of confidential […]


Posted in Software Security Testing, Vulnerability Assessment


Synopsys finds Bluetooth memory vulnerability in MacOS/OS X

On Tuesday, researchers at Synopsys were credited in an Apple Update with finding a Bluetooth vulnerability in its operating system. The Cupertino-based computer company disclosed a memory corruption issue as one of three affecting its Bluetooth stack. The effect of this specific unpatched vulnerability is that an application may be able to execute arbitrary code […]


Posted in Fuzz Testing, Vulnerability Assessment


Mark your calendar: RSA USA 2017 is almost here

RSA Conference 2017 is taking place at the Moscone Center in San Francisco from February 13-17, 2017. While you’re there, be sure to stop by South Hall booth #1933 where we’ll be hosting prize giveaways, offering product demos, and setting up time to discuss our offerings in more detail. Also stop by to visit us at […]


Posted in Application Security, Mobile Application Security, Network Security, Security Conference or Event, Web Application Security


Software glitch causes FAA to order Boeing 787s powered down

Until Boeing provides a permanent software fix, airlines with 787 Dreamliners in their fleet will have to power down the planes once every 22 days. A software glitch that could result in the loss of controllability for the 787s manifests itself after several hours of continuous use. The FAA says “all three flight control modules […]


Posted in Embedded Software Testing, Security Standards and Compliance


Command injection vulnerability in Locus Energy Solar Panels patched

A command injection vulnerability (CWE-73) disclosed within the software used by Locus Energy solar panels has now been patched by the company. In an ICS-CERT advisory dated December 6, 2016, Daniel Reich, an independent researcher, was credited with finding the vulnerability in several versions of the LGate solar panel. Because the web server on these vulnerable […]


Posted in Industrial Control System Security, Vulnerability Assessment