Software Integrity Blog

Archive for the 'Internet of Things' Category

 

In an IoT-filled world, it’s time to be alert in the wake of ‘Hide ‘N Seek’

A relatively new Internet of Things (IoT) botnet took its time going viral – it even disappeared for 10 days – but once it got back in gear, it spread worldwide in a matter of days.

Posted in Data Breach, Internet of Things, Software Architecture and Design

 

IoT security, tech due diligence, software security training

A grab bag of open source security and cyber security news is in this week’s edition of Open Source Insight. Is “many eyeballs” not enough? Some security researchers think Linus’ Law doesn’t work anymore. Black Duck by Synopsys kicks off a new video series with MITRE IoT expert Bob Martin covering IoT security. Learn how open source tech due diligence helped one company close a deal securely. Should Privacy Day be renamed to Lack of Privacy Day? Plus, an eye-catching infographic on how too little software security training is putting many companies at risk.

Posted in Agile, CI/CD & DevOps, Internet of Things, Open Source Security, Security Standards and Compliance

 

Privacy still an uphill climb on Data Privacy Day

It’s been called Data Privacy Day since it was launched in 2008 to commemorate the signing of Convention 108—the first legally binding international treaty dealing with privacy and data protection—on Jan. 28, 1981.

Posted in General, Internet of Things

 

Duck Talks: 20 billion reasons for IoT security

If you haven’t figured it out, at Black Duck by Synopsys we are quackers about security (I can’t resist a good duck pun!). In fact, it’s one of our favorite subjects — so much that we are launching this new video series.

Posted in Internet of Things, Webinars

 

Open source banking, 2018 CISO Report, GDPR looming

Cybercriminals are expected to extend their threat deeper into ransomware and IoT. In a just-released report, Synopsys examines the four “tribes” of CISOs, and the characteristics of each. A link to the complimentary report is below. And with the GDPR going into force in just four months, businesses are scrambling for compliance.

Posted in Internet of Things, Open Source Security, Security Standards and Compliance

 

What you need to know about BlueBorne Bluetooth flaws

As of Sept. 12, 2017, much of the code vulnerable to BlueBorne Bluetooth attacks remains unpatched. Learn what you can do to secure your code.

Posted in Fuzz Testing, Internet of Things, Static Analysis (SAST)

 

IoT security: Where there is smoke, there is fire

Originally posted on SecurityWeek. 

Posted in Internet of Things

 

How will new IoT legislation strengthen the future of cyber security?

New legislation proposed this month in U.S. Congress seeks to mitigate the risk of botnets commandeering Internet of Things (IoT) devices used in the U.S. government. The Internet of Things Cybersecurity Improvement Act of 2017 is a proposal from Sens. Mark R. Warner (D-Va.) and Cory Gardner (R-Colo.), co-chairs of the Senate Cybersecurity Caucus, along with Sens. Ron Wyden (D-Wash.) and Steve Daines (R-Mont.). It aims to mitigate risks and increase security in IoT products. The bill is limited to U.S. government-purchased devices. Since the U.S. government is such a large consumer, it is reasonable to assume that these improvements will eventually find their way into commercial products as well.

Posted in General, Internet of Things

 

Black Hat USA and DEF CON 2017: And that’s a wrap!

Another week of InfoSec in the desert is history. Black Hat USA started as the Black Hat Briefings in 1997, and has remained mostly corporate. It grew out of the hacker-friendly environment of DEF CON, which started as a going-away party for a friend of the founder, Jeff Moss, in 1993. Together, the two conferences represent the largest annual gathering of InfoSec experts in the world.

Posted in Fuzz Testing, General, Internet of Things

 

How do Internet of Things devices impact retail security?

You’ve probably come across article headlines about parents facing the headache-inducing consequences of their children placing orders online. We’ve reached the day when it has become so easy to shop online that toddlers can (and do) place successful internet orders.

Posted in Internet of Things