Software Integrity Blog

Author Archive

Taylor Armerding

tarmerding

Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.


Posts by Taylor Armerding:

 

Want to secure your apps? Build security in with the right toolchain

Having the right application security toolchain is the most effective way to build security in, which is critical to securing modern apps against attacks.

Posted in Agile, CI/CD & DevOps, Software Architecture and Design

 

Bug bounties: A good tool, but don’t make them the only tool in security

Bug bounty programs are becoming more popular. Do they work? What are the pitfalls of crowdsourcing application security testing? Our experts weigh in.

Posted in Web Application Security

 

The days (and nights) of an ‘always on’ sales engineer

Being an IT sales engineer isn’t as glamorous as it seems—but the satisfaction of solving customer problems and performing well under pressure is unmatched.

Posted in General

 

Tanya Janca at RSA on better AppSec: Play nice with DevOps

The DevOps / security relationship is often tense—but does it have to be? At RSA 2019, Tanya Janca explained how teams can play nice, and why they ought to.

Posted in Agile, CI/CD & DevOps

 

At RSA, it is clear encryption divide is as wide as ever

Selective encryption backdoors don’t work; the laws of mathematics don’t know or care who you are. But the concept was still under intense debate at RSA 2019.

Posted in General

 

GDPR: Not heavy-handed yet, but driving data breaches into the open

The GDPR fines issued so far have been small, but breach notifications are up. As GDPR continues to ramp up, it seems likely to achieve its goals of privacy.

Posted in Data Breach, Security Standards and Compliance

 

Connected cars need better connection to cybersecurity

Even though auto software security is important to the industry, a new report shows that the lack of resources means connected cars can be dangerously unsafe.

Posted in Automotive Security

 

Throwback Thursday: Whatever happened to Anthem?

Whatever happened to Anthem? In 2014–2015, the firm suffered the largest healthcare data breach ever. But healthcare cyber security has improved since then.

Posted in Data Breach, Healthcare Security

 

How to improve software security testing in the auto industry

In the automotive industry, security is safety. And auto software security testing, like all security testing, needs to shift left to be effective.

Posted in Automotive Security

 

New software standards aim to slow rampant credit card theft

With the new PCI standards, the Payment Card Industry Security Standards Council intends to reduce credit card fraud. But the new standards may not be enough.

Posted in Financial Services Security, Security Standards and Compliance