Software Integrity Blog

Author Archive

Robert Vamosi

Posts by Robert Vamosi:

With comparisons to Heartbleed, Cloudbleed may affect millions

The new Cloudbleed vulnerability, like Heartbleed, was discovered through routine fuzz testing and may affect 5.5 million websites and millions of users.

Posted in Cloud Security, Fuzz Testing

Bug elimination: Code scanning, fuzzing, and composition analysis

When it comes to software vulnerabilities, Dr. Jared DeMott knows his stuff. Formerly a vulnerability analyst with the National Security Agency (NSA), Dr. DeMott holds a Ph.D. from Michigan State University. He has been on three winning DEF CON capture-the-flag (CTF) teams and talks about his vulnerability research at conferences like DerbyCon, Black Hat, ToorCon, GrrCON, and HITB. He is currently the co-founder of VDA Labs.

Posted in Fuzz Testing, Software Composition Analysis (SCA), Static Analysis (SAST), Web Application Security

Internet of Things (IoT): Rethinking the threat model

Posted in IoT Security, Software Architecture & Design

Ticketbleed: The next black swan

Ticketbleed is a software vulnerability in a feature of the TLS/SSL stack that allows a remote attacker to extract sensitive information.

Posted in Fuzz Testing, Software Composition Analysis (SCA)

Gary McGraw’s Shmoocon keynote recaps security career with advice

Gary McGraw provided this year’s keynote address at Shmoocon, held January 13-15 at the Washington Hilton in Washington, D.C. His talk, “Seven Things: Frank Zappa, T. Coraghessan Boyle, and 21 Years in Security,” touches upon valuable insights gleaned over his more than 21 years in software security. It also reflects his many interests.

Posted in Security Training & Awareness, Software Architecture & Design

Minecraft and the Mirai IoT botnet connection

Gamers, warring over turf, may have launched the Mirai botnet, according to research by Brian Krebs at Krebs on Security.

Posted in IoT Security

Podcast: MISRA and software testing

Standards. Whether they are advisory or compulsory, standards developed for code development promote safety, quality, and security. This is especially important in life-critical industries such as automotive and medical. One example is MISRA C, which provides software development guidelines for the C programming language.

Posted in Static Analysis (SAST)

Podcast: The good and the bad of Heartbleed, Part 2

Two years after the vulnerability in OpenSSL known as Heartbleed, there remain valuable lessons still to be learned, both about how vulnerabilities are discovered and how the security community should respond.

Posted in Open Source Security, Software Architecture & Design

Podcast: Billy Rios on the good and the bad of Heartbleed, Part 1

Two years after its disclosure, the vulnerability in OpenSSL known as Heartbleed remains significant. There are valuable lessons still to be learned both about how the vulnerability was initially discovered and how the security community has responded over time.

Posted in Fuzz Testing, IoT Security, Open Source Security

Irongate attacks ICS Siemens Step 7 PLCs—Similar to Stuxnet

A new family of ICS-focused malware, dubbed Irongate, interferes with industrial processes running within a simulated Siemens control system environment.

Posted in Application Security