Software Integrity

Search Results for 'vendor risk management'


Getting to the bottom of the top 5 vendor risk management best practices

“We cannot enter into alliances until we are acquainted with the designs of our neighbors.” – Sun Tzu

Opening this post with an Art of War quote may seem a bit cliché. At the same time, it really hits the nail on the head when discussing vendor risk management. After all, the best way to […]

Posted in Software Security Initiative (SSI)

SEC and CyberSec risks, GDPR looms, what’s going on with the NVD?

In this week’s open source security and cybersecurity news: Free software comes with a price. Learn how a PE firm wraps open source due diligence into its tech investing. The SEC provides guidance on public cybersecurity. The Defense Department (re)launches its open source portal. A look at cybersecurity through the (virtual) lens of video gaming. […]

Posted in Security Standards and Compliance, Software Architecture and Design

Artificial intelligence for open source risk management

Artificial Intelligence (AI) is revolutionizing the way we live, work and think. In recent times, computing machines have become intelligent enough to recognize real-world objects, recognize speech, learn programs, paint like an artist, or even dream like humans. Security and reliability of software systems, which is enormously important to our modern economy, is also […]

Posted in Agile, CI/CD & DevOps, Open Source Security

Devil’s Ivy security vulnerability leaves IoT devices at risk

A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other Internet of Things devices) at risk. But Devil’s Ivy and other such flaws can be avoided with effective software supply chain management. On Tuesday, IoT researchers at Senrio disclosed a hackable flaw […]

Posted in Internet of Things, Software Composition Analysis

4 risks in connected cars

Black Duck (now Synopsys) held its inaugural European user conference this month in Amsterdam. Turnout was great, with almost 100 representatives from European businesses attending our training and presentations. I was privileged to lead a panel discussion on the security implications of open source in connected cars. Gordon Haff, Technology Evangelist at Red Hat, and Simon Gutteridge, […]

Posted in Automotive Security, Webinars

GDPR deadline: Does “appropriate security” include open source risk?

It’s May 25th, 2017, and the GDPR deadline is bearing down on us like an express train. Personal data privacy is the impetus behind the EU General Data Protection Regulation (GDPR), which goes into effect in exactly one year — on May 25th, 2018.

Posted in Open Source Security, Security Standards and Compliance

How to mitigate third-party security risks

Third-party products and services are an integral part of business operations. Organizations rely heavily on optimizing their solutions by reducing costs, which creates the need for external expertise. Third-party organizations promise timely delivery of products and services, meeting compliance requirements, and optimizing the organization’s overall business performance. Reasons for bringing in a third party […]

Posted in Maturity Model (BSIMM), Software Architecture and Design, Software Security Initiative (SSI)

Java platform security: Session state management explained

Applications have continued to evolve from desktop to enterprise, the cloud, and laterally into the Internet of Things and embedded devices. Each evolution increases business benefit and, conversely, creates more opportunity for successful exploitation. Further, traditional security infrastructure like firewalls is proving less effective at defending applications. Few companies have a handle on their Java […]

Posted in Uncategorized

Threats obvious, but electronic voting systems remain insecure

Election security requires that voters trust the results. But many U.S. electronic voting systems are clearly insecure, and untrustworthy. What are we doing about it?

Posted in Critical Infrastructure Security, Government Security

How to protect our critical infrastructure | NCSAM at Synopsys

The 2018 Verizon Data Breach Investigations Report (DBIR) reported and analyzed 649 breaches in utilities, transportation, healthcare, and other verticals that employ operational technology (OT) systems in addition to traditional IT for their main operations. In total, that represents 29.2% of reported breaches (not incidents) in industries considered part of infrastructure verticals—and that doesn’t even […]

Posted in Critical Infrastructure Security