Software Integrity Blog

Author Archive

Robert Vamosi

Posts by Robert Vamosi:

Podcast: Securing the supply chain through procurement language, Part 2

Until recently, there has not been real pressure to have supply chain software vendors attest to the validity of their wares. But with the introduction of software into automobiles, television sets, and medical devices, software integrity has taken on greater meaning. Many industries have specific hardware procurement requirements for parts introduced into their supply chains, but what about software?

Posted in Software Architecture and Design, Web Application Security

Satellite spins itself to destruction after receiving bad data

A Japanese X-ray telescope disintegrated in orbit after bad data in a software update package made it unstable.

Posted in General

German nuclear plant finds PCs full of viruses

More than a dozen common computer viruses have been found on PCs at one nuclear plant in Germany, according to its operator.

Posted in General

SWIFT interbank network patches software vulnerabilities

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, has issued a patch after identifying a vulnerability that may have led to last month’s theft of $81 million from a Bangladesh Bank account at the New York Federal Reserve Bank.

Posted in Financial Services Security, Software Architecture and Design

As FDA medical device comment period ends, 2 healthcare organizations call for more standards

Two healthcare executive organizations are calling on the Food & Drug Administration (FDA) and the Department of Health and Human Services (HHS) to produce more guidance for medical device manufacturers.

Posted in Medical Device Security, Security Standards and Compliance

US Congress investigates Juniper software flaw

On Wednesday, a tech-savvy member of the U.S. Congress criticized a no-show by Juniper Networks executives during a hearing exploring whether any government data was stolen as a result of a software flaw first disclosed last December.

Posted in General

FCC to investigate SS7 mobile phone vulnerabilities

On Wednesday, the Federal Communications Commission (FCC) announced it would investigate cellular carriers' use of legacy mobile phone technology that is vulnerable to attack.

Posted in Mobile Application Security

Podcast: Securing the supply chain through procurement language, Part 1

Procurement language in software is the concept of holding someone contractually liable for the statements they make about the quality, reliability, and, most of all, security of the software they are providing. Many industries have specific hardware procurement requirements for parts introduced into their supply chains, but what about software? Until recently, there has not been real pressure to have supply chain software vendors attest to the validity of their wares. But with the introduction of software into automobiles, television sets, and medical devices, software integrity has taken on greater meaning.

Posted in General, Medical Device Security

PCI DSS v3.2 to require more software testing

The PCI Security Standards Council (SSC) will soon release version 3.2 of the Payment Card Industry (PCI) – Data Security Standards (DSS), and, based on a preview, it is expected to have more testing for payment system software.

Posted in Security Standards and Compliance

School libraries vulnerable to ransomware

Over 3 million Internet-accessible servers, including those used in school libraries, are vulnerable to a new strain of ransomware that encrypts data on servers until a fee, usually in bitcoin, is paid, according to a Talos blog from Cisco.

Posted in Uncategorized