Software Integrity Blog

Author Archive

Chandu Ketkar


Chandu Ketkar is a principal security consultant at Synopsys. His vast security expertise includes architecture security, secure design assessment automation, medical device and systems security, cryptography, mobile application security, maturity models, and software security initiatives (SSI). Chandu also has over 25 years of experience building software and says if he knew back then what he knows now, he would have built it a lot safer. He is a member of the AAMI and is actively engaged in creating an automation tool to scale architecture/design risk assessments. When he’s not building code for medical devices, Chandu relaxes by singing and listening to music.

Posts by Chandu Ketkar:


Hacking medical devices: Five ways to inoculate yourself from attacks

Healthcare companies must follow medical device security best practices to defend against attacks on devices and the networks and systems they connect to.

Posted in Building secure software, Healthcare Security & Privacy, Medical Device Security


Software developers vs. software security: Why can’t we all get along?

I was a software developer for over 20 years before I switched to the application/software security field. Being a part of several software engineering teams in my early career, and later becoming a security analyst, has put me in a unique position to understand these two worlds. Although I continue to enjoy the security assessment work, there is one thing I can’t help but notice. Over the years, I have sensed a tension between engineering teams (software developers) and software security experts. I’ve even noticed developer bashing in some corners of the security world. It doesn’t feel as if developers and software security experts are always playing on the same team.

Posted in Software Security Program


Poodle: Yet another attack on SSLv3 (SSL 3.0)

Chandu Ketkar reviews the Poodle attack on SSLv3, including the anatomy of the attack, its impact, and how to mitigate it.

Posted in Open Source Security, Web Application Security


Standard versus proprietary security protocols

Proprietary security protocols can lead to a number of security issues. We recommend using standard security protocols as much as possible.

Posted in IoT Security, Mobile App Security, Software Compliance, Quality & Standards