Software Integrity Blog

Author Archive

Robert Vamosi

robertvamosi


Posts by Robert Vamosi:

 

Automotive security goes beyond the car

There’s been a fair share of attention paid to the security inside the connected car. There’s also been a significant uptick in new devices and apps that communicate with the vehicle from afar. These devices and apps use traditional means of communication (e.g., Bluetooth, Wi-Fi, etc.). They also make some very common software mistakes. For instance, lacking proper authentication of users and commands, potentially putting the end user at risk, both for physical harm and data loss.

Continue Reading...

Posted in Automotive Cyber Security, Mobile App Security

 

DoublePulsar continues to expose older Windows boxes: What you need to know

A metasploit module already exists to deploy meterpreter over DoublePulsar. Don’t hesitate to update with MS17-010, which fixes the underlying SMB issues.

Continue Reading...

Posted in Data Breach Security, Software Architecture & Design

 

Hajime and Mirai locked in an IoT botnet turf war

Last fall, someone released a benign worm looking to protect Internet of Things (IoT) devices from more dangerous worms. Known as Hajime, the vigilante malware appears to be designed to block another IoT worm, Mirai. The two are chasing each other around the world. Each are locked in a weird internet turf war seemingly bent on IoT domination and we have already seen collateral damage from it. Virus vs worm First, some basic terminology here.

Continue Reading...

Posted in IoT Security

 

Secure automotive software at any speed

The features that drive new car sales today are increasingly based on software. Drivers want their own music. They want to stay connected with their digital world. They want digital assistants to help park or even drive autonomously.

Continue Reading...

Posted in Automotive Cyber Security

 

What happens when dishwashers attack the network?

Continue Reading...

Posted in IoT Security

 

Does software quality equal software security? It depends.

Software quality and security assurance both concern risk to the organization, but they do so for different reasons. Risk might be mission critical such as software on a scientific robot crawling another planet. Or risk might be associated with sensitive financial information. In the first example the integrity of the software is paramount; it is hard to fix something on another planet. In the latter example both quality and security are important, with security perhaps paramount.

Continue Reading...

Posted in Software Architecture & Design, Software Compliance, Quality & Standards, Software Composition Analysis (SCA)

 

Zeroing in on zero day vulnerabilities

Earlier this month WikiLeaks announced it had in its possession a cache of zero days allegedly from the Central Intelligence Agency. These unpatched vulnerabilities, it said, could affect Apple and Android devices (including TVs). It is suspected that exploitation of these vulnerabilities could allow the spy agency – or anyone else who knows about them — to surveil targets by activating microphones and receivers as well as eavesdropping on communications.

Continue Reading...

Posted in Fuzz Testing, Static Analysis (SAST)

 

Sophia Goreczky is the recipient of the 2017 YWCA Emerging Leader Award

Sophia Goreczky, senior user experience designer with the Synopsys Software Integrity Group, is the recipient of 2017 YWCA Emerging Leader Award.

Continue Reading...

Posted in News & Announcements

 

Howard Schmidt, the United States’ first Cybersecurity Czar, has died

Continue Reading...

Posted in Application Security

 

Responsible disclosure on a timetable

Continue Reading...

Posted in Healthcare Security & Privacy, Software Architecture & Design