Software Integrity Blog

Author Archive

Taylor Armerding


Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.


Posts by Taylor Armerding:

 

Why hackers are targeting your web apps (and how to stop them)

How do you protect your web apps from hackers? Forget firewalls. You need an AppSec toolbelt, including software composition analysis and automated testing.

Posted in Web Application Security

 

Get ready for a ransomware tsunami

Ransomware payments might seem like a quick solution to get back on your feet after an attack. But paying the attackers just makes the problem worse.

Posted in Security Training & Awareness, Software Security Program

 

Patch now or pay later: Report

To prevent data breaches, practice these two fundamentals: shift left (perform application security testing early and often in your SDLC), and always patch.

Posted in Data Breach Security

 

It’s not just you they’re after—it’s your supply chain too

Supply chain attacks are not new. But as the supply chain grows longer and more complex, the attacks are evolving to keep up. Is your supply chain secure?

Posted in Software Security Program

 

More medical mega-breaches thanks to third-party insecurity

The AMCA breach hammers home the need for supply chain security. Here’s how to vet your vendors so you can keep from becoming the next Quest or LabCorp.

Posted in Data Breach Security, Healthcare Security & Privacy, Software Security Program

 

You’re using open source software, and you need to keep track of it

How should you track open source? It’s almost definitely in your codebase, so the question is not whether to track it but what could happen if you don’t.

Posted in Open Source Security, Software Composition Analysis (SCA)

 

Top 4 website security tips for development and hosting

If you design, develop, or host websites for SMBs, your clients are trusting you to keep their data secure. Here are our top 4 website security tips.

Posted in Web Application Security

 

Ransomware succeeds because targets don’t learn from history

How can organizations prevent ransomware attacks? The Atlanta and Baltimore attacks prove that patch management and employee training should take priority.

Posted in Security Training & Awareness, Software Security Program

 

It’s not just autonomous cars of the future that need security

The future of secure autonomous vehicles starts today. But the auto industry has to overcome some challenges, like shifting left and building security in.

Posted in Automotive Cyber Security

 

The cybersecurity workforce executive order: Real potential or wishful thinking?

The cybersecurity executive order of 2019 is meant to boost cyber security skills and improve national defense against growing cyber threats. Will it work?

Posted in Security Training & Awareness