Software Integrity Blog

Author Archive

Taylor Armerding

Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.


Posts by Taylor Armerding:

 

How to help your medical devices meet the UL (and FDA) standard

The recent announcement by the Federal Food and Drug Administration (FDA) that it has adopted the ANSI (American National Standards Institute)-approved UL 2900-2-1 as a “consensus standard” for premarket certification of medical devices means the world is about to change—for the better. Especially for patients. Any effort to overhaul the cyber security of connected medical […]

Posted in Healthcare Security, Medical Device Security

Project Zero director exhorts Black Hat audience to do security better

Google’s famous “Don’t be evil” motto got a corollary this week at Black Hat from Parisa Tabriz, director of engineering for the company’s Project Zero: “Do things better.” “We have a responsibility to do things better. Computer security is becoming the security of the world,” she said during her Wednesday morning keynote in Mandalay Bay’s […]

Posted in Webinars

Codenomi-con speakers agree: Bringing back privacy requires citizen action

We keep hearing that privacy is dead. But there is a good chance that a lot of us still aren’t aware of just how dead. So this week Synopsys presented codenomi-con, in connection with the Black Hat conference in Las Vegas, offering reminders about that reality in both government and the private sector. At the […]

Posted in Events, Healthcare Security, Privacy, Webinars

NetSpectre: An ominous Spectre variant, but no immediate danger

NetSpectre sounds like it could be Spectre on steroids. Then again, it sounds like it could be more like a lab mutation of probably the most serious design flaw in CPUs (central processing units) or computer chips in a generation—interesting, but not much of a threat in the real world. At least not yet. So […]

Posted in General

Third-party security, Russian grid meddling, and patch Apache!

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Third-party security party poopers, more Russian meddling in the grid, and patch Apache. Watch this episode below: Robotics supplier’s sloppy security leaks 10 years’ […]

Posted in Internet of Things, Open Source Security, Weekly Security Mashup

Seeker is a better IAST tool—You can count the ways

The need for web apps to be secure is demonstrated at least weekly, if not daily. At the end of June, just two of several examples were the U.K. branch of the ticket-selling giant Ticketmaster, breached because of vulnerable code on its payments page, and a collection of around 4,000 hotels that relied on booking […]

Posted in Interactive Application Security Testing (IAST)

Singapore healthcare hit with ‘unprecedented’ cyber attack

It apparently took just about a week after cyber attackers broke into SingHealth, Singapore’s largest healthcare group, for them to steal the “non-medical personal particulars” of 1.5 million people—about a quarter of the city-state’s population—plus “information on outpatient dispensed medicines” of about 160,000 of them. SingHealth (Singapore Health Services) operates two tertiary hospitals, five national […]

Posted in Healthcare Security

IAST—A better bugtrap

Everybody’s heard the cliché that if you build a better mousetrap, the world will beat a path to your door. The same applies to building a better bugtrap—as in software bug. Which is why developers ought to be beating a path to a tool that offers a better way to find bugs during the SDLC […]

Posted in Interactive Application Security Testing (IAST)

FDA adopts UL 2900-2-1, improves cyber security of connected medical devices

The cyber security of connected medical devices, notoriously poor for decades, could finally start to improve. The June 6 announcement by the federal Food and Drug Administration (FDA) on a change in the premarket certification process of devices was low-key—11 pages of dense bureaucratese buried within tens of thousands of pages in the Federal Register. […]

Posted in Healthcare Security, Medical Device Security

Ghost GPS routes, smart TVs are watching you, and securing open source

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Ghost route GPS hacks, smart TVs are watching you, and securing open source. Watch the latest episode below: A $225 GPS spoofer can […]

Posted in Automotive Security, Open Source Security, Weekly Security Mashup