Software Integrity Blog

Archive for the 'Government Security' Category


Microsoft acquires GitHub, Election Insecurity, and Ticketfly data breach

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? GitHub acquired by Microsoft, election insecurity persists, and the Ticketfly data breach. Microsoft has snapped up […]

Posted in Data Breach, Government Security, Open Source Security, Weekly Security Mashup


DEF CON 25 exposes voting system vulnerabilities

It took security researchers only minutes to gain access to more than a dozen voting machines at last month’s DEF CON security conference. The nearly two dozen machines, all purchased from eBay and government auctions, are considered representative of the wide variety of electronic voting systems in use today. One even contained actual voting data from […]

Posted in Data Breach, Government Security


Smart devices, smart grids, and cyber security

A recent “Innovation Spotlight” in the IEEE XPLORE Digital Library announced “a first-of-its-kind charger that allows plug-in electric vehicles (PEVs) to deliver excess capacity to the power grid and recharge during off-peak hours.” Promising new technologies often evoke questions about security. Suppose a bad actor exploits the connection somehow and brings down portions of the […]

Posted in Critical Infrastructure Security, Government Security, Maturity Model (BSIMM), Security Standards and Compliance


How will new IoT legislation strengthen the future of cyber security?

New legislation proposed this month in the U.S. Congress seeks to mitigate the risk of botnets commandeering Internet of Things (IoT) devices used in the U.S. government. The Internet of Things Cybersecurity Improvement Act of 2017 is a proposal from Sens. Mark R. Warner (D-Va.) and Cory Gardner (R-Colo.), co-chairs of the Senate Cybersecurity Caucus, along […]

Posted in Government Security, Internet of Things


Cyber attacks erase Saudi government data

The data on thousands of computers at the headquarters of the General Authority of Civil Aviation in Saudi Arabia was erased starting in mid-November by malware from “outside the country,” according to a state report. On Thursday, the state-run Saudi Press Agency confirmed that a series of cyber attacks on government systems, especially the transportation […]

Posted in Critical Infrastructure Security, Data Breach, Government Security


U.S. cybersecurity plans under a new administration

Little is known about Donald Trump’s actual policies regarding cybersecurity except that it is being discussed as a top-level priority in the new administration. As a candidate, Trump articulated a four-part strategy; however, security experts deemed it fairly lightweight in response to the growing threat. “It sounds like a fairly rational, high-level playbook […]

Posted in Government Security


Study suggests smart cities lack critical cyber security protections

A new survey of government IT officials faults smart cities with a lack of cyber security protection. A survey of 203 IT professionals working for state and local governments conducted by Tripwire finds 98% of government IT professionals see smart cities as not having adequate protection from cyber attacks. In particular, 27% faulted public Wi-Fi, […]

Posted in Archive, Critical Infrastructure Security, Government Security


Cyber supply chain risks identified at CodenomiCON 2016

Experts from UL, government, and industry have established programs for organizations to mitigate risks from exploitable software in their cyber supply chain. On the CodenomiCON 2016 panel Mitigating Software Supply Chain Risks – Gaining Trust of Software in Cyber Assets, moderated by Joe Jarzombek, Global Manager for Software Supply Chain Management for the Synopsys Software […]

Posted in Government Security, Webinars


Hear what a former Deputy Assistant AG for National Security said at CodenomiCON 2016

At CodenomiCON 2016, a former U.S. government official talked about changes in cybersecurity perceptions. In a fireside chat, computer scientist Fred Cohen interviewed Luke Dembosky, Cybersecurity Attorney, Debevoise & Plimpton. Dembosky was the former U.S. Deputy Assistant Attorney General for National Security. When asked about some of the biggest differences with cybersecurity today, Dembosky […]

Posted in Government Security, Webinars


OMB issues supply chain risk management (SCRM) guidance

New guidance for US government suppliers includes requirements for software testing. In the Office of Management and Budget (OMB) Circular A-130, published July 28, 2016, requirements for Supply Chain Risk Management (SCRM) were specified for those selling to any US Government organizations, including sub-tier suppliers. This means that suppliers of IoT/ICT components and services, either […]

Posted in Government Security, Software Architecture and Design