Software Integrity Blog

Author Archive

Taylor Armerding

Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.


Posts by Taylor Armerding:

BSIMM9: Not a how-to but a roadmap to a better SSI

The BSIMM isn’t a “how to” on developing an SSI. It’s a “what’s happening now” guide, based on SSI activities and tools used at 120 participating companies.

Posted in Maturity Model (BSIMM)

How to integrate cloud security into your SSI

Every organization that develops or integrates software needs a software security initiative (SSI)—that has been true for years. Security is, or ought to be, as important as function and features.

Posted in Cloud Security

Open season on open source, Infinite Campus limited by DDoS, and Mojave’s a bad apple

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? It’s open season on enterprise open source, the Infinite Campus DDoS attack takes the company to its limits, and a Mojave zero-day vulnerability makes that macOS a bad apple.

Posted in General, Open Source Security

Things get ‘seriously’ insecure yet again for Facebook

Facebook CEO Mark Zuckerberg has had to use variations of the word “serious” a lot over the past year—most notoriously regarding the social media giant’s sale of member data to Cambridge Analytica, which was viewed as affecting the 2016 presidential election.

Posted in Data Breach

IAST defined, plus how it is impacting business-critical software

Posted in Interactive Application Security Testing (IAST)

How and why business is migrating to the cloud

It might not be the best thing to have your head in the clouds. But it has become a very good thing, or at least a very popular thing, to have your business in the cloud—multiple surveys confirm it.

Posted in Cloud Security

Porous portals, Newegg is a broken egg, and Mirai’s creators have new hats

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Porous payment portals lead to government data breaches, Magecart pwns Newegg, and the Mirai creators trade in their black hats for white ones.

Posted in Data Breach, General

Equifax breach: Catastrophic, but no game changer yet

The Equifax breach generated plenty of sound and fury. Has the government responded with stricter regulation? Have companies stepped up their security game?

Posted in Data Breach

Tesla key fob issues, Tor Browser zero-day woes, and you’ve got malware!

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Dude, don’t take my Tesla! Plus Tor Browser zero-day (already wiped away), and you’ve got malware (if you fall for it!).

Posted in Automotive Security, General

Medical device security improvements coming—but not anytime soon

Will the cyber security of medical devices improve with the FDA’s adoption of UL 2900-2-1? Most devices weren’t designed to be connected to the internet.

Posted in Healthcare Security, Medical Device Security