Software Integrity Blog

Author Archive

Taylor Armerding

tarmerding

Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.


Posts by Taylor Armerding:


US vows to go on cyber offense

The original version of this article was published in Forbes. We’re all familiar with saber rattling. But this is the digital age. Welcome to the world of cyber rattling. This version of it comes in two policy papers from the U.S. government: the White House Cyber Policy and the Department of Defense (DoD) Cyber Strategy. One of […]

Posted in Critical Infrastructure Security, Government Security


BSIMM9: Not a how-to but a roadmap to a better SSI

You’ve probably seen the commercials. Different situations but always the same theme. In one of them, a guy tells his neighbor, “I need to get my roof repaired. Do you know any contractors?” “Uh, yeah, I might,” the neighbor replies. “Great,” says the first guy. “Can you do a free background check on him for […]

Posted in Maturity Model (BSIMM)


How to integrate cloud security into your SSI

Every organization that develops or integrates software needs a software security initiative (SSI)—that has been true for years. Security is, or ought to be, as important as function and features. What is also true now, given that the large majority of organizations have already migrated or are planning to migrate some or all of their […]

Posted in Cloud Security


Open season on open source, Infinite Campus limited by DDoS, and Mojave’s a bad apple

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? It’s open season on enterprise open source, the Infinite Campus DDoS attack takes the company to its limits, and a Mojave zero-day vulnerability makes that […]

Posted in Open Source Security, Weekly Security Mashup


Things get ‘seriously’ insecure yet again for Facebook

Facebook CEO Mark Zuckerberg has had to use variations of the word “serious” a lot over the past year—most notoriously regarding the social media giant’s sale of member data to Cambridge Analytica, which was viewed as affecting the 2016 presidential election. He had to use it again, and not in a good way, on Friday […]

Posted in Data Breach


IAST defined, plus how it is impacting business-critical software

This article was originally published in Forbes. As one of the endless number of acronyms in the software security industry, IAST doesn’t have much going for it—it’s awkward to pronounce and it’s hard to guess what it stands for. But what is important, of course, is what a string of letters does stand for. And […]

Posted in Interactive Application Security Testing (IAST)


How and why business is migrating to the cloud

It might not be the best thing to have your head in the clouds. But it has become a very good thing, or at least a very popular thing, to have your business in the cloud—multiple surveys confirm it. Druva, a cloud data management and security company, reported last month that moving virtualized workloads to […]

Posted in Cloud Security


Porous portals, Newegg is a broken egg, and Mirai’s creators have new hats

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Porous payment portals lead to government data breaches, Magecart pwns Newegg, and the Mirai creators trade in their black hats for white ones. Watch this week’s […]

Posted in Data Breach, Government Security, Weekly Security Mashup


Equifax breach: Catastrophic, but no game changer yet

This article was originally published in Forbes. I hate to say I told you so…well, actually, like most people, I love to say I told you so. I’m just willing to admit it. Because the state of software security a year after the catastrophic data breach of Equifax became public basically confirms what I wrote last October: […]

Posted in Data Breach


Tesla key fob issues, Tor Browser zero-day woes, and you’ve got malware!

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Dude, don’t take my Tesla! Plus Tor Browser zero-day (already wiped away), and you’ve got malware (if you fall for it!). Watch this week’s episode […]

Posted in Automotive Security, Weekly Security Mashup