Software Integrity Blog

Author Archive

Jim Ivers


Jim Ivers is the senior director of marketing within Synopsys' Software Integrity Group where he leads all aspects of SIG's global marketing strategies, branding initiatives, and programs, as well as product management and product marketing. Jim is a 30-year technology veteran who has spent the last ten years in IT security. Prior to Synopsys, Jim was the CMO at companies such as Cigital, Covata, Triumfant, Vovici, and Cybertrust, a $200M security solutions provider that was sold to Verizon Business. Jim also served as VP of Marketing for webMethods and VP of Product Management for Information Builders.


Posts by Jim Ivers:

 

Hide and seek: The game of security breach detection and disclosure

Since the launch of the popular Verizon Breach Investigations Report (VBIR) and its subsequent imitators, I have been asking what I believe to be a simple and fundamental question: Do the reported breaches actually just represent attacks that are less well-conceived and/or constructed? The basic assumption is that these reports include these breaches because they were detected. I suppose I could attribute this detection to the savvy of the attacked organization. Alas, statistics from these studies show that most attacks are detected by third parties, not the attacked party. So I feel comfortable eliminating a bias toward the detection acumen of the attacked organization.

Posted in Data Breach, Maturity Model (BSIMM)

 

The VTech toy hack: What you need to know

News recently broke that toy manufacturer VTech was breached, exposing over 6M records of customer data, some related to children. The news is generating concerns about the Internet of Things (IoT) and consumer privacy.

Posted in Data Breach, Internet of Things

 

Can you afford not to implement security training?

Given enough time, it’s easy to talk yourself out of making the investment in training for your staff. Organizations that take the long view recognize that software security training is an investment that yields critical returns to both the organization and to the staff.

Posted in Maturity Model (BSIMM), Security Training

 

5 ways to pay your technical debt back

Technical debt accumulates if you don’t build security in throughout your development cycle. Here’s how to pay off old debt and stop creating new debt.

Posted in General

 

Why managed application security services?

Firms often debate whether it’s better to do dynamic testing in-house or to outsource the work. Only you can decide what’s best for your organization, but we’ve listed four benefits to working with a managed services partner like Synopsys for you to consider before making your decision.

Posted in General

 

Samsung SwiftKey: The latest AppSec vulnerability highlights

The Samsung smartphone SwiftKey security slip-up grabbed headlines in mid-June when it was discovered that 600 million Samsung smartphones were vulnerable to remote code execution (RCE) attacks.

Posted in Mobile Application Security, Software Architecture and Design

 

Breach in healthcare data: One step too far

I am a victim. One of every nine of you is also a victim.

Posted in Data Breach, Healthcare Security