Software Integrity Blog

Author Archive

Taylor Armerding

tarmerding

Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.


Posts by Taylor Armerding:

Project Zero director exhorts Black Hat audience to do security better

Google’s famous “Don’t be evil” motto got a corollary this week at Black Hat from Parisa Tabriz, director of engineering for the company’s Project Zero: “Do things better.”

Posted in General

Codenomi-con speakers agree: Bringing back privacy requires citizen action

The experts at our 2018 codenomi-con event at Black Hat had a lot of opinions about data privacy. But they agreed on an essential element: citizen action.

Posted in General

NetSpectre: An ominous Spectre variant, but no immediate danger

NetSpectre sounds like it could be Spectre on steroids.

Posted in General

Third-party security, Russian grid meddling, and patch Apache!

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Third-party security party poopers, more Russian meddling in the grid, and patch Apache. Watch this episode below:

Posted in General, Internet of Things, Open Source Security

Seeker is a better IAST tool—You can count the ways

The need for web apps to be secure is demonstrated at least weekly, if not daily. At the end of June, just two of several examples were the U.K. branch of the ticket-selling giant Ticketmaster, breached because of vulnerable code on its payments page, and a collection of around 4,000 hotels that relied on booking software from the French company FastBooking. Attackers were able to steal the personal information of an unknown number of guests owing to vulnerabilities in the company’s web app.

Posted in Interactive Application Security Testing (IAST)

SingHealth hit with ‘unprecedented’ cyber attack

After the SingHealth cyber attack, it took a week for attackers to steal the personal data of 1.5 million people—about a quarter of the city-state’s population.

Posted in Data Breach, Healthcare Security

IAST—A better bugtrap

IAST (interactive application security testing) is a better way to find bugs during the SDLC. And you know what they say about building a better mousetrap.

Posted in Interactive Application Security Testing (IAST)

FDA adopts UL 2900-2-1, improves cyber security of connected medical devices

The cyber security of connected medical devices, notoriously poor for decades, could finally start to improve.

Posted in Healthcare Security, Medical Device Security

Ghost GPS routes, smart TVs are watching you, and securing open source

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Ghost route GPS hacks, smart TVs are watching you, and securing open source. Watch the latest episode below:

Posted in Automotive Security, General, Open Source Security

Ukraine dodges attack, but VPNFilter threat remains

Ukraine had been warned. So it was prepared.

Posted in General, Internet of Things