Software Integrity Blog

Author Archive

Taylor Armerding

Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.


Posts by Taylor Armerding:

‘Cyber Pearl Harbor’ unlikely, but critical infrastructure needs a major upgrade | NCSAM at Synopsys

Officials have warned for decades of a “cyber Pearl Harbor” or “cyber 9/11” kind of attack on the nation’s critical infrastructure. Yet no attack has come. It’s either because our attackers can’t do it or haven’t really wanted to so far—and “can’t” seems less likely every day. Are we prepared for what’s next? The original version of […]

Posted in Critical Infrastructure Security

Cooking up digital privacy, indecent (data) exposure, and just another zero-day

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Cook calls for digital privacy laws, user data exposed in the Wife Lovers hack, and just another Windows zero-day. Watch this week’s episode here:   Tim […]

Posted in Data Breach, Privacy, Weekly Security Mashup

Want to close the software security skills gap? Tanya Janca says start mentoring!

Tanya Janca believes that one of the reasons most connected products are insecure from day one is the software security skills gap that comes from developers not learning security in school. Her solution: Those who know should teach those who don’t. Janca discusses mentoring in the software security industry with us. Tanya Janca has no […]

Posted in General

Lance Spitzner: How to secure the human operating system | NCSAM at Synopsys

The original version of this article was published in Forbes. If it is everyone’s job to ensure online safety at work, that means everyone needs more and better training in how to do it. One of those on the front lines of that effort is Lance Spitzner, director at SANS Security Awareness. Spitzner, a security awareness trainer […]

Posted in General

For sale: voter data, ‘unbowed’ by Florence or ransomware, and binding email security

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Voter records for sale on the dark web, what the ONWASA ransomware attack says about the state of critical infrastructure security, and the government does […]

Posted in Weekly Security Mashup

Retail joins the BSIMM—finally

The BSIMM—Building Security In Maturity Model—is now into its 10th year of being a self-described “measuring stick for software security” for multiple industries. But there are still newcomers—this year it’s retail. Ten retail firms participated in BSIMM9, which tracks the development of SSIs (software security initiatives) by organization based on 116 possible activities, grouped into […]

Posted in Maturity Model (BSIMM)

Better passwords in California won’t help much

California is all done with weak passwords. Well, not right now, but it says it will be done with them for internet-connected devices in another 14 months—starting Jan. 1, 2020. From then on, the Information Privacy: Connected Devices bill, signed earlier this month by Gov. Jerry Brown, will require each such device to have a […]

Posted in Internet of Things, Legal, Security Standards and Compliance

Cyber security: Not just ‘a’ job but many jobs of the future | NCSAM at Synopsys

Cyber security jobs are dynamic, stimulating, and in high demand as cyber threats multiply out of control. What can we do to make sure these jobs are filled?

Posted in General

Make your home both smart and secure | NCSAM at Synopsys

The original version of this article was published in Forbes. “Smart but insecure” sounds like you’re talking about a high achiever who needs therapy. Which you could be. But in the online world, it applies to semi-animate objects—the hundreds of millions of devices in American homes that are, at one level, smart. They range from […]

Posted in Internet of Things

Remote robbery, an ‘IT incident’ (not a breach?), and face-off on privacy

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Remote robbery by Hidden Cobra, a breach by any other name, and facing down the Fourth and Fifth Amendments. Watch this week’s episode here: Hidden […]

Posted in Weekly Security Mashup