Posts by Robert Vamosi:
How does your software security initiative stack up against the best? Against others in your market? Against your own goals? A Building Security In Maturity Model (BSIMM) assessment can answer these questions. Whether you call it a software security initiative (SSI), application security program, product security process, or something else, it’s a business necessity to […]
Continue Reading...
Posted in Application Security, Maturity Model (BSIMM), Software Security Program Development, Software Security Testing | Comments Off on The BSIMM helps organizations mature software security
It took security researchers only minutes to gain access to more than a dozen voting machines at last month’s DEF CON security conference. The nearly two dozen machines, all purchased from eBay and government auctions, are considered representative of the wide variety of electronic voting systems in use today. One even contained actual voting data from […]
Continue Reading...
Posted in Application Security, Data Breach, Government Security | Comments Off on DEF CON 25 exposes voting system vulnerabilities
In a survey conducted by Synopsys at this year’s Infosecurity (InfoSec) Europe, almost half of participants said their organizations had not experienced a cyber attack within the last two years. Most attendees surveyed said their organizations had either an internal or external software security group or a combination of both. And the majority indicated their […]
Continue Reading...
Posted in Application Security, Security Conference or Event, Software Security Program Development | Comments Off on Survey finds organizations better prepared for cyber security threats
New legislation proposed this month in U.S. Congress seeks to mitigate the risk of botnets commandeering Internet of Things (IoT) devices used in the U.S. government. The Internet of Things Cybersecurity Improvement Act of 2017 is a proposal from Sens. Mark R. Warner (D-Va.) and Cory Gardner (R-Colo.), co-chairs of the Senate Cybersecurity Caucus, along […]
Continue Reading...
Posted in Government Security, Internet of Things | Comments Off on How will new IoT legislation strengthen the future of cyber security?
In a new report, Synopsys examines new insights into areas of software development where further testing remains. By analyzing over 4.8 billion protocol-based tests, the Synopsys State of Fuzzing 2017 report qualifies the relative levels of maturity in terms of quality and security across more than 250 protocols found in industry verticals such as industrial […]
Continue Reading...
Posted in Fuzz Testing | Comments Off on What is the state of fuzz testing in 2017?
Before the public sessions kick off at Black Hat on Wednesday and Thursday, there are four days of training courses. The course I took part in this year was a two-day, hands-on car hacking course. My instructor, Robert Leale, is the founder and coordinator for the car hacking village at DEF CON. Both the weekend […]
Continue Reading...
Posted in Application Security, Automotive Security, Embedded Software Testing | Comments Off on Are there ever legitimate reasons for hacking a car?
Another week of InfoSec in the desert is history. Black Hat USA started as the Black Hat Briefings in 1997, and has remained mostly corporate. It grew out of the hacker-friendly environment of DEF CON which started as a going away party for a friend of the founder, Jeff Moss, in 1993. Together, the two […]
Continue Reading...
Posted in Fuzz Testing, Internet of Things, Security Conference or Event | Comments Off on Black Hat USA and DEF CON 2017: And that’s a wrap!
Last week, authorities in multiple countries served warrants to take down a Dark Web site generating a reported $600-$800 thousand a day in sales of illegal drugs and other products. The clue that led authorities to the real-world admin behind the site was a personal email address used in the site’s early days. It provided […]
Continue Reading...
Posted in Application Security, Security Conference or Event | Comments Off on What Dark Web failures can teach us about security at Black Hat and DEF CON
A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other IoT devices) at risk. On Tuesday, IoT researchers at Senrio disclosed a hackable flaw they’re calling “Devil’s Ivy.” Officially known as CVE-2017-9765, the vulnerability is a stack buffer overflow that, if successfully […]
Continue Reading...
Posted in Application Security, Data Breach, Internet of Things | Comments Off on Devil’s Ivy security vulnerability leaves IoT devices at risk
This week’s malware outbreak that removed computer data capabilities from large enterprises worldwide is now thought to have been designed to damage, not to earn profit. Therefore, it only masquerades as traditional ransomware. First seen on Tuesday, NotPetya/Petya is like last month’s WannaCry in that it displayed a ransom request of $300 in BitCoin on […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on Beyond WannaCry and NotPetya / Petya: What’s next for enterprises?
