Software Integrity

Archive for the 'Security Standards and Compliance' Category

 

Climbing Mount MISRA: Which route is right for you?

The director of software development comes into your office in a panic. “We’ve got to do MISRA… stat! Legal insists on it; our customers are demanding it.” Your heart sinks. If you’ve ever been to Yosemite, you’ll know there are two ways to the summit of Half Dome: one way has fairly gradual—or at least […]

Continue Reading...

Posted in Application Security, Security Standards and Compliance, Software Quality | Comments Off on Climbing Mount MISRA: Which route is right for you?

 

Smart devices, smart grids, and cyber security

A recent “Innovation Spotlight” in the IEEE XPLORE Digital Library announced “a first-of-its-kind charger that allows plug-in electric vehicles (PEVs) to deliver excess capacity to the power grid and recharge during off-peak hours.” Promising new technologies often evoke questions about security. Suppose a bad actor exploits the connection somehow and brings down portions of the […]

Continue Reading...

Posted in Automotive Security, Government Security, Security Standards and Compliance, Smart Grid Security | Comments Off on Smart devices, smart grids, and cyber security

 

How can you tell if your software security strategy is working?

Let’s say you tested 46 web applications, 19 mobile apps, and 20 client-server apps this year alone. You also purchased a new application security testing tool in the process. You found 112 vulnerabilities and all-in-all you’re feeling pretty good. But before you get too excited, ask yourself a few questions: Did you reduce risk significantly? […]

Continue Reading...

Posted in Application Security, Security Standards and Compliance, Security Training, Software Security Program Development | Comments Off on How can you tell if your software security strategy is working?

 

Is your software MISRA clean?

“Scalpel.” “Scalpel.” “Let’s make the incision … There we go …  Spreader.” “Spreader.” “Good. A little wider. Like that. Metzenbaum.” “Metzenbaum.” “There we are. We’re at the DIVIDE_BY_ZERO site. As you can see, it starts here, and follows this path here. We’ll remove it … gently … nice, a clean extraction. Now, let’s graft in […]

Continue Reading...

Posted in Application Security, Secure Coding Guidelines, Security Standards and Compliance, Software Quality, Vulnerability Assessment | Comments Off on Is your software MISRA clean?

 

Meet Auntie MISRA

Seems we all have one: that distant aunt. You know the one I’m talking about. Always dressed to the nines. Always perfectly coiffured. Every detail just so. And that tiny Jack Russell that did tricks on command, never yapped (unless told to “speak”), and was always at her side, springing up to her lap when she pulled out […]

Continue Reading...

Posted in Application Security, Secure Coding Guidelines, Security Standards and Compliance | Comments Off on Meet Auntie MISRA

 

MISRA: Ensuring software safety and security from the start

Developing software is an art. Developing safe and secure software is not only an art, but requires a mindset that anticipates potential bugs, security vulnerabilities, and system failures. Both quality and security are hard to add to a product after its inception. It simply isn’t practical to add on to a product as quality and security […]

Continue Reading...

Posted in Automotive Security, Security Standards and Compliance | Comments Off on MISRA: Ensuring software safety and security from the start

 

Fault Injection Podcast .004: Driving automotive software security

Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about automotive software security and the future of connected cars. You can always join the discussion by sending […]

Continue Reading...

Posted in Automotive Security, Embedded Software Testing, Internet of Things, Security Standards and Compliance | Comments Off on Fault Injection Podcast .004: Driving automotive software security

 

How will the EU’s GDPR set a higher data security standard?

By mid 2018, global organizations doing business in Europe will need to comply with a new data security regulation known as the General Data Protection Regulation (GDPR). In light of recent high-profile data breaches, the GDPR is a much-needed revision of the EU’s 1995 Data Protection Directive 95/46/EC. It establishes new best practices for organizations doing […]

Continue Reading...

Posted in Data Breach, Security Standards and Compliance | Comments Off on How will the EU’s GDPR set a higher data security standard?

 

Software glitch causes FAA to order Boeing 787s powered down

Until Boeing provides a permanent software fix, airlines with 787 Dreamliners in their fleet will have to power down the planes once every 22 days. A software glitch that could result in the loss of controllability for the 787s manifests itself after several hours of continuous use. The FAA says “all three flight control modules […]

Continue Reading...

Posted in Embedded Software Testing, Security Standards and Compliance | Comments Off on Software glitch causes FAA to order Boeing 787s powered down

 

5 software licenses you need to understand

There are different types of software licenses with some requiring you to make your source code public. Do you know what’s in your software? If you wrote the software yourself, the answer would be yes. But, if you’re like most people, you probably only wrote a portion of it. Industry practices vary but studies do […]

Continue Reading...

Posted in Application Security, Security Standards and Compliance | Comments Off on 5 software licenses you need to understand