Software Integrity

Search Results for 'security risk assessment'

 

New risk assessments for old medical device security flaws

On Wednesday, representatives from MITRE proposed risk assessments for medical devices using existing frameworks. Presenting at SOURCE Boston, Penny Chase and Steve Christey Coley of the MITRE Corporation noted that medical devices incorporate third-party software, operating systems, and workstations; are subject to regulation, which can limit ability to patch and reconfigure […]

Posted in Medical Device Security

 

How to integrate cloud security into your SSI

Every organization that develops or integrates software needs a software security initiative (SSI)—that has been true for years. Security is, or ought to be, as important as function and features. What is also true now, given that the large majority of organizations have already migrated or are planning to migrate some or all of their […]

Posted in Cloud Security

 

Hacking Security Episode 2: The 4 CISO tribes

Hacking Security is a monthly podcast on emerging trends in application security development hosted by Steve Giguere, lead EMEA engineer at Synopsys. The CISO Report: In Episode 2, we discuss notable CISOs and then dive into the four tribes found in the Synopsys CISO Report. Take 20 minutes to listen to the latest episode below. Transcript […]

Posted in Hacking Security, Podcasts, Web Application Security

 

Open source security risk: Managing the threat in mergers and acquisitions

I have blogged before about the pervasiveness of open source in applications today. Synopsys and other organizations have been tracking its growth for years, particularly as it relates to the amount of open source code we find in the applications we scan. Our Black Duck On-Demand Audit team scans thousands of applications every year, mostly […]

Posted in Open Source Security, Software Composition Analysis

 

Building security into connected medical devices

What does cyber security mean for connected medical devices? Recently, the U.S. Food and Drug Administration (FDA) officially announced that it formally recognizes UL 2900-2-1. The announcement follows up the FDA’s acceptance last year of UL 2900-1, the first publication in the UL 2900 series of standards for cyber security. UL 2900-2-1 is the first […]

Posted in Healthcare Security, Medical Device Security

 

FDA adopts UL 2900-2-1, improves cyber security of connected medical devices

The cyber security of connected medical devices, notoriously poor for decades, could finally start to improve. The June 6 announcement by the federal Food and Drug Administration (FDA) on a change in the premarket certification process of devices was low-key—11 pages of dense bureaucratese buried within tens of thousands of pages in the Federal Register. […]

Posted in Healthcare Security, Medical Device Security

 

Common security challenges in CI/CD workflows

What are the most common security challenges in CI/CD workflows? Organizations report CI/CD security challenges related to tools, approach, speed, false positives, developer resistance, and compliance. Meera Rao, director of the secure development practice at Synopsys, explains how to deal with each one effectively. In a recent webinar that I co-presented with Jay Lyman, principal […]

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

 

Digital license plates, GDPR risks and hackers, security bugs in AI robots

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? California puts a lot on your plate, the law of unintended consequences as it relates to GDPR risks, and porous pepper. Watch the entire […]

Posted in Internet of Things, Weekly Security Mashup

 

Establishing technology trust at Infosecurity Europe 2018

Infosecurity Europe is one of the leading information security events in Europe. The annual event, taking place this year from 5-7 June, brings together over 19,500 information security professionals, over 400 exhibitors showcasing the most cutting-edge information security solutions, and thought leaders from around the globe. This year, Synopsys technical evangelist, Tim Mackey (@TiminTech), […]

Posted in Container Security, Webinars

 

What you need to know about the Singapore Cybersecurity Bill

The newly ratified Singapore Cybersecurity Bill is Singapore’s answer to securing critical information infrastructure (CII) providers, minimizing threats from malicious actors. But now that the bill has been signed into law, analysts and practitioners alike are raising concerns about the high costs and logistic challenges of enforcing it. CII providers are defined as the owners […]

Posted in Security Standards and Compliance