Software Security

Archive for May 2016

 

Synopsys joins automakers at Embedded Software Summit

This week Synopsys presented to automakers gathered in Detroit at a summit on embedded software integrity. The Embedded Software Integrity for Automotive Summit convened at a small hotel in Dearborn, Michigan – a city located just outside of Detroit and known by many in the automotive industry as the home of the Ford Motor Company […]

Posted in Automotive Security, Embedded Software Testing

Tesla pushing out “inert” software updates

Tesla owners are passively participating in a beta test of new self-driving software from the manufacturer. Speaking at an MIT Technology event in San Francisco on Tuesday, Sterling Anderson, director of Tesla’s Autopilot program, said his company is pushing out “inert” software updates designed to shadow the drivers on the road today. “We […]

Posted in Application Security, Automotive Security, Embedded Software Testing

What are the real security implications of the Hillary Clinton email scandal?

U.S. media coverage of the key politicians fighting for the 2016 presidential nomination is pretty overwhelming. But at least now we have something worth talking about: the security of the sensitive information that politicians handle, which could potentially ruin their careers and carry internationally damning implications. So today, let’s take a look at the lessons […]

Posted in Data Breach, Government Security

Maritime vessels new targets for cyber attacks

New research suggests that maritime vessels are under significant threat of cyber attack because they were not designed with cyber security in mind and carry outdated software. In a research paper published in Engineering and Technology Reference, researchers from Plymouth University’s Maritime Cyber Threats Research Group suggest that cyber attacks would most likely target systems […]

Posted in Industrial Control System Security

For want of a CVE

At a security conference this week, researchers complained about MITRE’s handling of new vulnerabilities and the difficulties of getting a CVE assigned. At AusCERT this week, security researcher David Jorm said it’s gotten so bad that he’s started creating workarounds to the problem, such as creating his own website to get the word out about […]

Posted in Vulnerability Assessment

Podcast: ISO 26262 compliance through software testing

Standards are, without a doubt, important in any industry. Swipe your credit card at the cash register, and behind the scenes there’s PCI-DSS safeguarding how the credit card information is processed and stored. For wireless communications there’s IEEE 802. And for the automotive industry there’s ISO 26262, a standard which covers electronic systems in automobiles and […]

Posted in Security Standards and Compliance

The timeless truth of software security fundamentals

More than a decade’s worth of good deeds were recently memorialized with Microsoft’s announcement that Michael Howard and Steve Lipner’s book The Security Development Lifecycle is now available for free online. What a great contribution by Michael, Steve, and by Microsoft to the community; and cheers to the continued growth of software and application security as a discipline! […]

Posted in Internet of Things, Mobile Application Security, Software Development Life Cycle (SDLC), Software Security Testing

How to maximize returns on SAST tool investment

You probably hear time and time again that static application security testing (SAST) should be incorporated into the application development and deployment processes. In fact, the software security touchpoints also emphasize using code review tools. But no SAST tool effectively addresses threats to a development environment ‘out of the box.’ It is a misconception to believe that the cost […]

Posted in Software Development Life Cycle (SDLC), Software Security Testing, Static Analysis (SAST)

New risk assessments for old medical device security flaws

On Wednesday, representatives from MITRE proposed risk assessments for medical devices using existing frameworks. Presenting at SOURCE Boston, Penny Chase and Steve Christey Coley of the MITRE Corporation noted that medical devices incorporate the use of third-party software, operating systems, and workstations; are subject to regulation, which can limit ability to patch and reconfigure […]

Posted in Medical Device Security

10 ways to infuse security into your software development life cycle

Implementing security measures should be a top priority to ensure the success of your software development life cycle (SDLC). First things first, it’s vital to maintain engagement with stakeholders throughout the development process. Understanding and managing stakeholder expectations guarantees that the final product’s success, in the stakeholder’s eyes, complements the criticality of designing and building security […]

Posted in Agile Methodology, Security Training, Software Development Life Cycle (SDLC), Software Security Testing