Software Integrity Blog

Author Archive

Taylor Armerding

tarmerding

Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.


Posts by Taylor Armerding:

Make your home both smart and secure | NCSAM at Synopsys

The original version of this article was published in Forbes.

Posted in IoT Security

Remote robbery, an ‘IT incident’ (not a breach?), and face-off on privacy

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Remote robbery by Hidden Cobra, a breach by any other name, and facing down the Fourth and Fifth Amendments. Watch this week’s episode here:

Posted in Application Security

US vows to go on cyber offense

The White House and DoD have said that the U.S. will no longer just defend against cyber attacks. Attackers should expect U.S. cyber offense to be ready.

Posted in Application Security

BSIMM9: Not a how-to but a roadmap to a better SSI

The BSIMM isn’t a “how to” on developing an SSI. It’s a “what’s happening now” guide, based on SSI activities and tools used at 120 participating companies.

Posted in Software Security Program

How to integrate cloud security into your SSI

Every organization that develops or integrates software needs a software security initiative (SSI)—that has been true for years. Security is, or ought to be, as important as function and features.

Posted in Cloud Security

Open season on open source, Infinite Campus limited by DDoS, and Mojave’s a bad apple

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? It’s open season on enterprise open source, the Infinite Campus DDoS attack takes the company to its limits, and a Mojave zero-day vulnerability makes that macOS a bad apple. Watch this week’s episode here:

Posted in Open Source Security

Things get ‘seriously’ insecure yet again for Facebook

Facebook CEO Mark Zuckerberg has had to use variations of the word “serious” a lot over the past year—most notoriously regarding the social media giant’s sale of member data to Cambridge Analytica, which was viewed as affecting the 2016 presidential election.

Posted in Data Breach Security

IAST defined, plus how it is impacting business-critical software

Posted in Interactive Application Security Testing (IAST)

How and why business is migrating to the cloud

Most businesses either have a cloud migration strategy or have already moved. Cloud is simply better than on-premises—and not just because of lower costs.

Posted in Cloud Security

Porous portals, Newegg is a broken egg, and Mirai’s creators have new hats

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Porous payment portals lead to government data breaches, Magecart pwns Newegg, and the Mirai creators trade in their black hats for white ones. Watch this week’s episode here:

Posted in Data Breach Security