Software Integrity

Archive for the 'Government Security' Category

 

Howard Schmidt, the United States’ first Cybersecurity Czar, has died

Howard A. Schmidt, a friend to many in the security community, has died. A statement on his Facebook page says that he died today “in the presence of his wife and four sons … following a long battle with cancer.” Schmidt served as the White House Cybersecurity Advisor to Presidents Barack Obama and George W. […]

Posted in Fuzz Testing, Government Security, Medical Device Security, Network Security, Software Security Testing

 

Cyberattacks erase Saudi government data

The data on thousands of computers at the headquarters of the General Authority of Civil Aviation in Saudi Arabia was erased starting in mid-November by malware from “outside the country,” according to a state report. On Thursday, the state-run Saudi Press Agency confirmed a series of attacks on government systems, especially the transportation sector. […]

Posted in Data Breach, Government Security, Industrial Control System Security

 

U.S. cybersecurity plans under a new administration

Little is known about Donald Trump’s actual policies regarding cybersecurity except that it is being discussed as a top-level priority in the new administration. As a candidate, Trump articulated a four-part strategy; however, security experts deemed it fairly lightweight in response to the growing threat. “It sounds like a fairly rational, high-level playbook […]

Posted in Government Security

 

Cyber supply chain risks identified at CodenomiCON 2016

Experts from UL, government, and industry have established programs for organizations to mitigate risks from exploitable software in their cyber supply chain. On the CodenomiCON 2016 panel Mitigating Software Supply Chain Risks – Gaining Trust of Software in Cyber Assets, moderated by Joe Jarzombek, Global Manager for Software Supply Chain Management for the Synopsys Software […]

Posted in Government Security, Security Conference or Event

 

Hear what a former Deputy Assistant AG for National Security said at CodenomiCON 2016

At CodenomiCON 2016, a former U.S. government official talked about changes in cybersecurity perceptions. In a fireside chat, computer scientist Fred Cohen interviewed Luke Dembosky, Cybersecurity Attorney, Debevoise & Plimpton. Dembosky is the former U.S. Deputy Assistant Attorney General for National Security. When asked about some of the biggest differences with cybersecurity today, Dembosky […]

Posted in Government Security, Security Conference or Event

 

OMB issues supply chain risk management (SCRM) guidance

New guidance for US government suppliers includes requirements for software testing. In the Office of Management and Budget (OMB) Circular A-130, published July 28, 2016, requirements for Supply Chain Risk Management (SCRM) were specified for those selling to any US Government organizations, including sub-tier suppliers. This means that suppliers of IoT/ICT components and services, either […]

Posted in Government Security, Security Risk Assessment

 

The Fed hires its first CISO

A retired U.S. Air Force brigadier general will be the U.S. government’s first federal cyber security chief (CISO). As federal CISO, U.S. Air Force brigadier general Gregory Touhill’s new job will be to protect government networks and critical infrastructure from cyber threats. The position was previously announced last February as part of the creation of […]

Posted in Government Security

 

Synopsys supports Presidential Policy Directive 41

New presidential directive outlines threat response and asset response activities and could be enhanced with use of the Synopsys Software Integrity Platform that includes AbuseSA, as well as Coverity, Defensics, Protecode, and Seeker. On Tuesday, the White House published the Presidential Policy Directive-41 (PPD-41) on United States Cyber Incident Coordination. Essentially it establishes a Cyber […]

Posted in Government Security

 

Russian bug bounty program to target government software

In a bid to harden government software in Russia, the government is discussing a possible bug bounty program. Deputy Communications Minister Aleksei Sokolov said the Russian government is considering what would be one of the first government-run bug bounties. The program would first apply to government-approved software and might expand beyond that. The Russian news […]

Posted in Ethical Hacking, Government Security, Vulnerability Assessment

 

What are the real security implications of the Hillary Clinton email scandal?

U.S. media coverage of the key politicians fighting for the 2016 presidential nomination is pretty overwhelming. But at least now we have something worth talking about: the security of the sensitive information that politicians are handling, which could potentially ruin their careers and bring internationally damning implications. So today, let’s take a look at the lessons […]

Posted in Data Breach, Government Security