Software Integrity Blog

Author Archive

Chandu Ketkar

cketkar

Chandu Ketkar is a principal security consultant at Synopsys. His vast security expertise includes architecture security, secure design assessment automation, medical device and systems security, cryptography, mobile application security, maturity models, and software security initiatives (SSI). Chandu also has over 25 years of experience building software and says if he knew back then what he knows now, he would have built it a lot safer. He is a member of the AAMI and is actively engaged in creating an automation tool to scale architecture/design risk assessments. When he’s not building code for medical devices, Chandu relaxes by singing and listening to music.


Posts by Chandu Ketkar:

Hacking medical devices: 5 ways to inoculate yourself from attacks

A terrorist hacks into the US Vice President’s pacemaker to murder him. It happened on the Showtime series Homeland, but could it happen in real life? Most security experts agree that such a scenario is highly unlikely or even downright impossible. However, that doesn’t mean you should ignore the real security risks that medical devices and systems introduce. They may not be as extreme as Hollywood portrayals, but security vulnerabilities and data breaches in medical devices and systems can put patient safety at risk and expose healthcare companies to data-disclosure and HIPAA regulatory risks.

Posted in Cloud Security, Healthcare Security, Internet of Things, Medical Device Security

Software developers vs. software security: Why can’t we all get along?

I was a software developer for over 20 years before I switched to the application/software security field. Being a part of several software engineering teams in my early career, and later becoming a security analyst, has put me in a unique position to understand these two worlds. Although I continue to enjoy the security assessment work, there is one thing I can’t help but notice. Over the years, I have sensed a tension between engineering teams (software developers) and software security experts. I’ve even noticed developer bashing in some corners of the security world. It doesn’t feel as if developers and software security experts are always playing on the same team.

Posted in Maturity Model (BSIMM)

What happens at Archimedes: All there is to know about medical device security

From a security viewpoint, medical devices differ from conventional web applications, mobile applications, and other types of embedded applications which security researchers commonly encounter.

Posted in General, Healthcare Security, Medical Device Security, Web Application Security

Making strides in medical device security

Groups are stepping up to meet the medical device security challenge head on. Find out what developments are being made to improve medical device security.

Posted in Healthcare Security, Medical Device Security

Poodle: Yet another attack on SSLv3 (SSL 3.0)

Chandu Ketkar reviews the Poodle attack on SSLv3, including the anatomy of the attack, its impact, and how to mitigate it.

Posted in Open Source Security, Web Application Security

Standard versus proprietary security protocols

Proprietary security protocols can lead to a number of security issues. We recommend using standard security protocols as much as possible.

Posted in Internet of Things, Mobile Application Security, Security Standards and Compliance