The Internet of Things (IoT) will never be too big to fail, although it is hard to conceive of the entire thing failing at once, unless every power grid on the planet goes down simultaneously. But it is in danger of increasing incremental failure because it is too big to patch, according to author, encryption […]
Posted in Application Security, Featured, Internet of Things | Comments Off on The IoT: Too big (and buggy) to patch?
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? California puts a lot on your plate, the law of unintended consequences as it related to GDPR risks, and porous pepper. Watch the entire […]
Posted in Application Security, Internet of Things, Weekly Security Mashup | Comments Off on Digital license plates, GDPR risks and hackers, security bugs in AI robots
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s episode, you ask? Russia vs. Ukraine, Beemer as the ultimate hackable machine, and Nest “smart home” devices. Learn more by watching the full episode below: New VPNFilter […]
Posted in Application Security, Automotive Security, Internet of Things, Vulnerability Assessment, Weekly Security Mashup | Comments Off on VPNFilter, BMW connected car vulnerability, and Nest IoT devices go offline
It’s nearly an all-Tim Mackey issue of Software Integrity Insight as our technical evangelist weighs in on data breaches, container adoption, GitHub, and open source serverless applications. Other stories in this week’s software integrity news include the SirenJack vulnerability, a security vulnerability potentially putting warning sirens across the city of San Francisco at risk, and […]
Posted in Application Security, Containers, Data Breach, Internet of Things, Open Source Security | Comments Off on Data breaches, SirenJack, and serverless apps vulns
The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, […]
Posted in Automotive Security, Internet of Things | Comments Off on Securing IoT, Atlanta ransomware attack, Congress on cybersecurity
Securing the Internet of Things (IoT) seems like an endless reality version of “Mission Impossible”—really impossible. Many have tried—with lists of best practices and standards, exhortations, and warnings—but none has succeeded. Still, the U.K. government, in a policy paper titled Secure by Design released earlier this month, says it is also going to try, with a 13-point […]
Posted in Internet of Things, Security Standards and Compliance | Comments Off on U.K. threatens to force IoT security by design
Trying to secure the Internet of Things (IoT) makes herding cats look like a breeze. The IoT is rapidly becoming the Internet of Everything—billions of devices with an almost endless variety of designs and purposes, embedded in vehicles, homes, factories, critical infrastructure, health, fitness, finance, and more. And for the large majority of those devices, […]
Posted in Internet of Things, Security Standards and Compliance | Comments Off on Still just recommendations, not regulation, for IoT security
A relatively new Internet of Things (IoT) botnet took its time going viral – it even disappeared for 10 days – but once it got back in gear, it spread worldwide in a matter of days. Hence the name – HNS or “Hide and Seek” – that researchers at Bitdefender Labs gave it after they first spotted […]
Posted in Data Breach, Internet of Things, Vulnerability Assessment | Comments Off on In an IoT-filled world, it’s time to be alert in the wake of ‘Hide ‘N Seek”
A grab-bag of open source security and cybersecurity news is in this week’s edition of Open Source Insight. Is “many eyeballs” not enough? Some security researchers think Linus’ Law doesn’t work anymore. Black Duck by Synopsys kicks off a new video series with MITRE IoT expert, Bob Martin, covering IoT security. Learn how open source […]
Posted in DevOps, GDPR, Internet of Things, Open Source Security | Comments Off on IoT security, tech due diligence, and software security training
It’s been called Data Privacy Day since it was launched in 2008 to commemorate the signing of Convention 108—the first legally binding international treaty dealing with privacy and data protection—on Jan. 28, 1981. But you could make a pretty solid case that a decade later, this year’s observance, on Sunday, ought to be called Lack […]
Posted in Internet of Things | Comments Off on Privacy still an uphill climb on Data Privacy Day