Software Integrity Blog

Author Archive

Robert Vamosi


Posts by Robert Vamosi:


DEF CON 25 exposes voting system vulnerabilities

It took security researchers only minutes to gain access to more than a dozen voting machines at last month’s DEF CON security conference. The nearly two dozen machines, all purchased from eBay and government auctions, are considered representative of the wide variety of electronic voting systems in use today. One even contained actual voting data from a previous election, exposing another issue: how to delete old data.

Continue Reading...

Posted in Data Breach Security, Public Sector Cyber Security


How will new IoT legislation strengthen the future of cyber security?

The Internet of Things (IoT) Cybersecurity Improvement Act of 2017 aims to mitigate risks and increase security in IoT products. Does it stand a chance?

Continue Reading...

Posted in IoT Security


Are there ever legitimate reasons for hacking a car?

Before the public sessions kick off at Black Hat on Wednesday and Thursday, there are four days of training courses. The course I took part in this year was a two-day, hands-on car hacking course. My instructor, Robert Leale, is the founder and coordinator for the car hacking village at DEF CON. Both the weekend and weekday editions of this course were sold out.

Continue Reading...

Posted in Automotive Cyber Security


Devil’s Ivy security vulnerability leaves IoT devices at risk

A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other Internet of Things devices) at risk. But Devil’s Ivy and other such flaws can be avoided with effective software supply chain management.

Continue Reading...

Posted in IoT Security, Software Composition Analysis (SCA)


How will the EU’s GDPR set a higher data security standard?

By mid-2018, global organizations doing business in Europe will need to comply with a new data security regulation known as the General Data Protection Regulation (GDPR). In light of recent high-profile data breaches, the GDPR is a much-needed revision of the EU’s 1995 Data Protection Directive 95/46/EC. It establishes new best practices for organizations doing business in the EU.

Continue Reading...

Posted in Data Breach Security, Software Compliance, Quality & Standards


New V2V communication could give hackers a free ride

There are initiatives in the auto industry and in municipal governments to roll out V2I and V2V communication systems responsibility and securely.

Continue Reading...

Posted in Automotive Cyber Security, Data Breach Security


The pros and cons of adding open source to your software

The State of Software Composition 2017 identified 16,868 unique software components and versions, a majority of which were FOSS packages and libraries. Clearly, open source is here to stay. So what are the pros and cons of using it?

Continue Reading...

Posted in Open Source Security, Software Composition Analysis (SCA)


Synopsys report finds old, vulnerable software components still in use

50% of the vulnerabilities we found were more than four years old. In almost every case, newer versions of these vulnerable software components were available.

Continue Reading...

Posted in Security news and research


7-year-old SAMBA flaw prompts new concerns (and patches)

With just one line of code, a malicious attacker can exploit a recently disclosed seven-year-old vulnerability in SAMBA. Known as CVE-2017-7494, the vulnerability affects Linux and Unix systems that:

Continue Reading...

Posted in Security news and research


Synopsys report finds the medical device industry vulnerable to attack

A new report investigates whether medical device makers and healthcare delivery organizations align on the need to address cyber security risks.

Continue Reading...

Posted in Healthcare Security & Privacy, Medical Device Security