Software Integrity

Archive for February 2016

 

U.S. to re-negotiate Wassenaar Arrangement

After six months of feedback from the US security community, the United States said on Tuesday it would re-negotiate the Wassenaar Agreement, particularly the part covering hacking and surveillance—cybersecurity. In a letter from the National Security Council’s Senior Director for Legislative Affairs, Caroline Tess, made public by the White House on Tuesday to the Associated […]

Posted in Application Security, Government Security

 

New OpenSSL flaws to be patched

On Tuesday, the first day of RSA 2016, the OpenSSL project will release updates, specifically versions 1.0.2g and 1.0.1s. All that is known is that the organization ranks these with maximum severity “high”. According to the OpenSSL Policy, high means the patch will include issues that are of a lower risk than critical, perhaps due to […]

Posted in Network Security, Open Source Security

 

7 ways software developers can upgrade their skills in 2016

The demand for highly skilled, qualified software developers is growing at a rapid rate. In fact, the market for developers is expected to grow 17% within the next 10 years, much faster than the demand growth of other occupations. While job opportunities may be easier to come by, software engineering is becoming an increasingly competitive […]

Posted in Application Security, Security Training

 

Overcome the top 6 application security hurdles

Most companies maintain a reactive approach when it comes to application security and information security. But why wait for an attacker to get into your unprotected (or minimally protected) sensitive data before you decide to do something about it? What’s holding companies back from investing in application security? When security becomes a problem, it becomes […]

Posted in Application Security, Software Security Testing

 

When your anti-malware program has a zero-day

Software intended to protect your computer from malware and remote attackers shouldn’t be vulnerable to exploitation, yet that is what one security researcher is finding.

Discovering password manager vulnerability

Earlier this month, Tavis Ormandy, a Google Project Zero security researcher, disclosed his latest such vulnerability, this time affecting Trend Micro’s Password Manager. He found that […]

Posted in Network Security, Vulnerability Assessment

 

Building security into IoT software development

IoT will create a surge in software development that will be unprecedented in scope and reach. Why? It’s simple.






Posted in Internet of Things, Software Security Testing

 

Nissan Leaf app flaw allows remote access

A security researcher disclosed on Wednesday that certain Nissan Leaf models can allow their heating and air-conditioning systems to be hijacked because of a flaw in its companion app. Security researcher Troy Hunt found that the NissanConnect app needed only the vehicle identification number (VIN) for any Nissan Leaf car to take control. However, he […]

Posted in Automotive Security, Embedded Software Testing, Internet of Things

 

Security risks in mergers and acquisitions

Mergers and acquisitions (M&A) between two companies bring a unique synergy that cannot be obtained by one company alone. Along with synergy, M&A bring a lot of things to the table, such as product diversification, customer base increase, cost and overhead reduction, quality staff increase, and competition reduction. One of the aspects rarely discussed during M&A is security as […]

Posted in Application Security, Security Risk Assessment, Security Standards and Compliance, Software Security Testing, Vendor Risk Management, Vulnerability Assessment

 

Asus settlement prompts federal monitoring

On Tuesday, the Federal Trade Commission (FTC) announced a decision to require network hardware manufacturer Asus to provide and maintain a comprehensive security program for the next 20 years and also be subject to audits. The action stems from a remote attack on Asus routers in February 2014. “Routers play a key role in securing […]

Posted in Network Security, Vulnerability Assessment

 

Defensics Agent Framework

During the past few months, Synopsys R&D has been busy improving the Defensics instrumentation capabilities. Focus has been given to providing more powerful tools for controlling and monitoring the status of the system under test (SUT). Fuzzing is an effective testing technique but it is sometimes hard to detect an exact testcase or sequence which […]

Posted in Application Security, Fuzz Testing