Software Security

Archive for September 2016


New study finds static analysis and fuzz testing from Synopsys can save millions in remediation costs

By integrating testing early in the software development lifecycle, organizations may realize a high ROI. Earlier this year, Synopsys commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) case study for an organization deploying Coverity, a static code analysis solution, and Defensics, an intelligent fuzzing solution. The goal of Forrester’s independent TEI study was […]


Posted in Fuzz Testing, Software Development Life Cycle (SDLC), Static Analysis (SAST)


Strengthen your security defenses when programming in JavaScript

The number of developers applying defensive coding techniques to JavaScript isn’t nearly as widespread as those taking defensive measures in Java (among other coding languages). Well, we’re working to change that! It’s not impossible to code defensively in JavaScript—it just takes a bit of training. We recently sat down with Aman Ali, one of our […]


Posted in Security Training


IoT fueling larger DDoS attacks

Hacked internet-connected cameras and digital video recorders are to blame for a series of DDoS attacks that took down KrebsonSecurity last week. The attacks were first reported on September 19 by Octave Klaba, the founder and CTO of OVH. According to Ars Technica, Klaba reported that more than 6,800 new cameras had joined the botnet […]


Posted in Internet of Things, Security Risk Assessment


Autonomous vehicles: Security implications of Uber’s self-driving cars

Last year, Uber set up an Advanced Technologies Center in Pittsburgh, Pennsylvania and began work on their latest project (no, not puppy delivery). Earlier this month they debuted their new self-driving cars, inviting “yinzers” to experience their first self-driven ride around Steel City. With a long list of really cool benefits (road trip, anyone?) there are […]


Posted in Automotive Security


Protecode SC scans over 1 million applications

On Tuesday, Protecode SC, the online software composition analysis product from Synopsys, scanned its one millionth customer-submitted app. “This is a significant milestone,” said David Chartier, VP of Marketing, Synopsys Software Integrity Group. “This is a strong showing of scalability and widespread adoption of Protecode SC and of its ability to meet the demands […]


Posted in Code Review, Software Composition Analysis, Vulnerability Assessment


3 ways that AppSec training benefits your long-term security strategy

Security training is an investment that yields critical returns to both the organization and the organization’s most valuable asset—its people. Training can directly impact key metrics like bug density ratios and time to remediation if it is implemented effectively. Today, I’ll highlight three ways that application security training can effectively benefit your long-term security strategy and mature […]


Posted in Application Security, Security Training, Software Security Program Development


Tesla adopts code signing after remote access hack

After researchers discovered a way to hack into Tesla vehicles and reprogram their firmware, the auto manufacturer pushed out not only a fix for that vulnerability, but a method for securing all the code running on the vehicle. The researchers from Tencent were able to remotely access a Tesla via its infotainment system. They faked […]


Posted in Automotive Security


The digital doctors are in: Are you covered?

Following recent vulnerabilities disclosed in medical devices, a panel of experts discussed current remediation efforts and steps toward developing industry best practices. On the CodenomiCON 2016 panel “The Digital Doctors Are In – Are You Covered?”, moderated by Chenxi Wang, Chief Strategy Officer at Twistlock, security experts debated the challenges facing the healthcare and medical […]


Posted in Medical Device Security, Security Conference or Event


HERE opens automotive data services

Digital mapping service HERE collects real-time driving data from cars via its Open Location Platform. In advance of next week’s Paris Auto Show, HERE unveiled a series of initial tools, namely HERE Real-Time Traffic, HERE Hazard Warnings, HERE Road Signs and HERE On-Street Parking. Beginning in 2017, any customer inside or outside of the […]


Posted in Automotive Security, Internet of Things


Identifying and resolving software vulnerabilities: A balancing act

Leading a software security group (SSG) is a balancing act. Most decisions come down to how to apply an extremely limited amount of resources to what seems like an insurmountable problem. To give you an example, a question I was asked in past roles, and continue to hear from clients today, is: “Is it better to […]


Posted in Software Security Testing