Software Integrity Blog

Author Archive

Taylor Armerding

Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.


Posts by Taylor Armerding:

How to help your medical devices meet the UL (and FDA) standard

The recent announcement by the Federal Food and Drug Administration (FDA) that it has adopted the ANSI (American National Standards Institute)-approved UL 2900-2-1 as a “consensus standard” for premarket certification of medical devices means the world is about to change—for the better. Especially for patients.

Posted in Healthcare Security, Medical Device Security

Project Zero director exhorts Black Hat audience to do security better

Google’s famous “Don’t be evil” motto got a corollary this week at Black Hat from Parisa Tabriz, director of engineering for the company’s Project Zero: “Do things better.”

Posted in General

Codenomi-con speakers agree: Bringing back privacy requires citizen action

We keep hearing that privacy is dead. But there is a good chance that a lot of us still aren’t aware of just how dead. So this week Synopsys presented codenomi-con, in connection with the Black Hat conference in Las Vegas, offering reminders about that reality in both government and the private sector. At the most exclusive cyber security event of the year, Black Hat attendees networked and boosted their data privacy knowledge. Codenomi-con, whose agenda was packed full of experts in both cyber security and data privacy, kick-started Black Hat. Your data should be private, but is it? Cyrus Farivar, senior tech policy reporter at Ars Technica and one of those who are very much aware, presented the government’s role in data privacy in a keynote based on his most recent book, “Habeas Data.”

Posted in General, Healthcare Security

NetSpectre: An ominous Spectre variant, but no immediate danger

NetSpectre sounds like it could be Spectre on steroids.

Posted in General

Third-party security, Russian grid meddling, and patch Apache!

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Third-party security party poopers, more Russian meddling in the grid, and patch Apache. Watch this episode below:

Posted in General, Internet of Things, Open Source Security

Seeker is a better IAST tool—You can count the ways

The need for web apps to be secure is demonstrated at least weekly, if not daily. At the end of June, just two of several examples were the U.K. branch of the ticket-selling giant Ticketmaster, breached because of vulnerable code on its payments page, and a collection of around 4,000 hotels that relied on booking software from the French company FastBooking. Attackers were able to steal the personal information of an unknown number of guests owing to vulnerabilities in the company’s web app.

Posted in Interactive Application Security Testing (IAST)

SingHealth hit with ‘unprecedented’ cyber attack

After the SingHealth cyber attack, it took a week for attackers to steal the personal data of 1.5 million people—about a quarter of the city-state’s population.

Posted in Data Breach, Healthcare Security

IAST—A better bugtrap

IAST (interactive application security testing) is a better way to find bugs during the SDLC. And you know what they say about building a better mousetrap.

Posted in Interactive Application Security Testing (IAST)

FDA adopts UL 2900-2-1, improves cyber security of connected medical devices

The cyber security of connected medical devices, notoriously poor for decades, could finally start to improve.

Posted in Healthcare Security, Medical Device Security

Ghost GPS routes, smart TVs are watching you, and securing open source

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Ghost route GPS hacks, smart TVs are watching you, and securing open source. Watch the latest episode below:

Posted in Automotive Security, General, Open Source Security