Software Integrity

Archive for the 'Internet of Things' Category

 

The IoT: Too big (and buggy) to patch?

The Internet of Things (IoT) will never be too big to fail, although it is hard to conceive of the entire thing failing at once, unless every power grid on the planet goes down simultaneously. But it is in danger of increasing incremental failure because it is too big to patch, according to author, encryption […]

Posted in Application Security, Featured, Internet of Things

 

Digital license plates, GDPR risks and hackers, security bugs in AI robots

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? California puts a lot on your plate, the law of unintended consequences as it relates to GDPR risks, and porous pepper. Watch the entire […]

Posted in Application Security, Internet of Things, Weekly Security Mashup

 

VPNFilter, BMW connected car vulnerability, and Nest IoT devices go offline

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s episode, you ask? Russia vs. Ukraine, Beemer as the ultimate hackable machine, and Nest “smart home” devices. Learn more by watching the full episode below:   New VPNFilter […]

Posted in Application Security, Automotive Security, Internet of Things, Vulnerability Assessment, Weekly Security Mashup

 

Data breaches, SirenJack, and serverless apps vulns

It’s nearly an all-Tim Mackey issue of Software Integrity Insight as our technical evangelist weighs in on data breaches, container adoption, GitHub, and open source serverless applications. Other stories in this week’s software integrity news include the SirenJack vulnerability, a security vulnerability potentially putting warning sirens across the city of San Francisco at risk, and […]

Posted in Application Security, Containers, Data Breach, Internet of Things, Open Source Security

 

Securing IoT, Atlanta ransomware attack, Congress on cybersecurity

The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April.  You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week.  Don’t delay, […]

Posted in Automotive Security, Internet of Things

 

U.K. threatens to force IoT security by design

Securing the Internet of Things (IoT) seems like an endless reality version of “Mission Impossible”—really impossible. Many have tried—with lists of best practices and standards, exhortations, and warnings—but none has succeeded. Still, the U.K. government, in a policy paper titled Secure by Design released earlier this month, says it is also going to try, with a 13-point […]

Posted in Internet of Things, Security Standards and Compliance

 

Still just recommendations, not regulation, for IoT security

Trying to secure the Internet of Things (IoT) makes herding cats look like a breeze. The IoT is rapidly becoming the Internet of Everything—billions of devices with an almost endless variety of designs and purposes, embedded in vehicles, homes, factories, critical infrastructure, health, fitness, finance, and more. And for the large majority of those devices, […]

Posted in Internet of Things, Security Standards and Compliance

 

In an IoT-filled world, it’s time to be alert in the wake of ‘Hide ‘N Seek’

A relatively new Internet of Things (IoT) botnet took its time going viral – it even disappeared for 10 days – but once it got back in gear, it spread worldwide in a matter of days. Hence the name – HNS or “Hide and Seek” – that researchers at Bitdefender Labs gave it after they first spotted […]

Posted in Data Breach, Internet of Things, Vulnerability Assessment

 

IoT security, tech due diligence, and software security training

A grab-bag of open source security and cybersecurity news is in this week’s edition of Open Source Insight.  Is “many eyeballs” not enough? Some security researchers think Linus’ Law doesn’t work anymore. Black Duck by Synopsys kicks off a new video series with MITRE IoT expert, Bob Martin, covering IoT security. Learn how open source […]

Posted in DevOps, GDPR, Internet of Things, Open Source Security

 

Privacy still an uphill climb on Data Privacy Day

It’s been called Data Privacy Day since it was launched in 2008 to commemorate the signing of Convention 108—the first legally binding international treaty dealing with privacy and data protection—on Jan. 28, 1981. But you could make a pretty solid case that a decade later, this year’s observance, on Sunday, ought to be called Lack […]

Posted in Internet of Things