Software Integrity Blog

Author Archive

Robert Vamosi



Posts by Robert Vamosi:

How Distributed Weakness Filing might help MITRE’s CVE

Complaints about the current Common Vulnerabilities and Exposures (CVE) system from the MITRE organization have advanced a new community-powered Distributed Weakness Filing (DWF) system. DWF is available on GitHub.

Posted in Software Architecture and Design

Tesla pushing out “inert” software updates

Owners of Tesla are passively participating in a beta test of new self-driving software from the manufacturer.

Posted in Automotive Security

Maritime vessels new targets for cyber attacks

New research suggests that maritime vessels are under significant threat of cyber-attack because they were not designed with cyber security in mind and carry outdated software.

Posted in General

For want of a CVE: MITRE’s ongoing CVE backlog

At a security conference this week, researchers complained about the CVE backlog at MITRE, related to the organization’s handling of new vulnerabilities, and the difficulties of getting a CVE assigned.

Posted in Software Architecture and Design

Podcast: ISO 26262 compliance through software testing

Standards are, without a doubt, important in any industry. Swipe your credit card at the cash register, and behind the scenes there’s PCI DSS safeguarding how the credit card information is processed and stored. For wireless communications, there’s IEEE 802. And for the automotive industry, there’s ISO 26262, a standard which covers electronic systems in automobiles and road vehicles.

Posted in Security Standards and Compliance

New risk assessments for old medical device security flaws

On Wednesday, representatives from MITRE proposed risk assessments for medical devices using existing frameworks.

Posted in Medical Device Security

SEC warns on financial services cybersecurity risks

According to the US Securities and Exchange Commission chair, cyber hacking is the biggest risk facing the world’s financial markets today.

Posted in Financial Services Security, Software Architecture and Design

Serious Symantec AV engine vulnerability to be patched

Google Project Zero researcher Tavis Ormandy disclosed a Remote Heap/Pool memory corruption vulnerability in all versions of Symantec- and Norton-branded antivirus products.

Posted in Software Architecture and Design

Backdoor vulnerability affects Chinese ARM-based prototyping devices, others

Researchers have found that a Chinese chip manufacturer for low-cost Android tablets, set-top boxes, ARM-based PCs, and other devices has shipped a vulnerable Linux kernel in its latest product.

Posted in Software Architecture and Design

Privilege escalation vulnerability hits Lenovo Solution Center software

There is a serious privilege escalation vulnerability in software that is included with every Lenovo laptop. Fortunately, the company has now released a patch.

Posted in Software Architecture and Design