Software Integrity Blog

Archive for the 'Security Standards and Compliance' Category

 

Why your development team should care about software compliance

Software compliance isn’t just a concern of security, development, and legal executives. Your developers and development managers should care about it too. Here’s why.

Posted in Security Standards and Compliance

GDPR: Not heavy-handed yet, but driving data breaches into the open

The GDPR fines issued so far have been small, but breach notifications are up. As enforcement continues to ramp up, the regulation seems likely to achieve its privacy goals.

Posted in Data Breach, Security Standards and Compliance

New software standards aim to slow rampant credit card theft

With its new software security standards, the Payment Card Industry Security Standards Council intends to reduce credit card fraud. But the new standards may not be enough.

Posted in Financial Services Security, Security Standards and Compliance

National Data Privacy Day is wishful thinking

The worst data privacy threat today isn’t data breach but data abuse. Organizations are using AI to learn more about us than we’d ever choose to tell them.

Posted in General, Security Standards and Compliance, Webinars

OWASP Top 10 web application security risks

The OWASP Top 10 2017 is a list of the most significant web application security risks. How are you addressing these ten risk categories in your own applications?

Posted in Security Standards and Compliance, Software Architecture and Design, Web Application Security

SEC getting more aggressive on financial cyber lapses

The SEC's cyber enforcement actions are a powerful incentive for financial institutions to protect investor assets and data from theft and fraud.

Posted in Financial Services Security, Security Standards and Compliance

Don’t expect jailed CEOs, but Wyden at least puts consumer privacy on the table

The Consumer Data Protection Act (as outlined in the CDPA draft circulated in early November by Sen. Ron Wyden) might not send CEOs to jail, but it would help protect Americans’ data.

Posted in General, Security Standards and Compliance

Better passwords in California won’t help much

California is all done with weak passwords. Well, not right now, but it says it will be done with them for internet-connected devices in another 14 months—starting Jan. 1, 2020. From then on, the Information Privacy: Connected Devices bill, signed earlier this month by Gov. Jerry Brown, will require each such device to have a […]

Posted in General, Internet of Things, Security Standards and Compliance

LifeLock lesson—Third party security is your security

On July 25, on his blog Krebs on Security, Brian Krebs covered a flaw in how LifeLock processed “unsubscribe” information related to its marketing activities. For those unfamiliar with LifeLock, it is a subsidiary of Symantec offering identity monitoring and protection services in the U.S. market. Brian outlined an issue impacting recipients of LifeLock marketing material […]

Posted in General, Security Standards and Compliance

Remediating XSS: Does a single fix work?

A very common type of injection defect is cross-site scripting (also known as XSS or HTML injection). Many developers struggle to remediate XSS because they misunderstand the difference between validation, sanitization, and normalization/canonicalization. Lately, even some security vendors have started suggesting “fixing” injection defects close to the source rather than close to […]

Posted in Security Standards and Compliance
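The excerpt above contrasts fixing injection near the input source with fixing it near the output sink. The following is an added example, not code from the post or from Synopsys: it shows a source-side "strip script tags" fix letting three constructed payloads through, and a sink-side pipeline (canonicalize once, validate against an allow-list, then encode for the specific output context) that rejects or neutralizes them. All function names, the display-name allow-list, and the payloads are assumptions made for this illustration.

```javascript
// Added example (not from the original post). Demonstrates why one sanitizing
// "fix" near the input source does not remediate XSS across several output
// contexts, and what canonicalize -> validate -> context-encode looks like.

// Step 1: canonicalize. Unicode NFC plus exactly one percent-decoding pass, so
// validation sees the same characters the browser would. A double-encoded
// payload (%253C) decodes to "%3C", which validation then rejects outright.
function canonicalize(input) {
  let s = String(input).normalize("NFC");
  try { s = decodeURIComponent(s); } catch (e) { /* malformed %-sequence: leave as-is */ }
  return s;
}

// Step 2: validate with an allow-list that matches the field's meaning. A
// display name is letters, digits, space, dot, apostrophe and hyphen. Anything
// else is rejected, not "cleaned up".
function validateDisplayName(s) {
  return /^[\p{L}\p{N} .'-]{1,64}$/u.test(s);
}

// Step 3: encode at the sink, for the sink's context. Each context has its own
// escaping rules, which is why a single source-side filter cannot cover them all.
function encodeForHtmlText(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function encodeForHtmlAttribute(s) {
  // Encode everything non-alphanumeric so the value cannot close the quote
  // or introduce a new attribute regardless of how it was quoted.
  return s.replace(/[^A-Za-z0-9]/g, (c) => `&#x${c.codePointAt(0).toString(16)};`);
}

function encodeForJsString(s) {
  // Inside a <script> string literal HTML entities are never decoded, so the
  // text-context escapes are useless here; use \xHH / \uHHHH escapes instead.
  return s.replace(/[^A-Za-z0-9]/g, (c) => {
    const cp = c.codePointAt(0);
    return cp < 0x100
      ? `\\x${cp.toString(16).padStart(2, "0")}`
      : `\\u${cp.toString(16).padStart(4, "0")}`;
  });
}

// The "single fix near the source": strip <script> elements on input and treat
// the stored value as trusted everywhere afterwards.
function naiveSourceSanitize(s) {
  return s.replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, "");
}

// Three sinks that all render the same stored value.
function renderNaive(value) {
  const v = naiveSourceSanitize(value);
  return {
    text: `<p>${v}</p>`,
    attr: `<input value="${v}">`,
    script: `<script>var name = "${v}";</script>`,
  };
}

// Sink-side remediation: returns null when validation rejects the input.
function renderSafe(raw) {
  const v = canonicalize(raw);
  if (!validateDisplayName(v)) return null;
  return {
    text: `<p>${encodeForHtmlText(v)}</p>`,
    attr: `<input value="${encodeForHtmlAttribute(v)}">`,
    script: `<script>var name = "${encodeForJsString(v)}";</script>`,
  };
}

// Constructed payloads: none contains a <script> tag, so the source-side filter
// passes every one of them, yet each breaks out of a different context.
const PAYLOADS = [
  `<img src=x onerror=alert(1)>`,      // HTML text context
  `" autofocus onfocus=alert(1) x="`, // attribute context
  `";alert(1);//`,                    // JS string context
];

// True when each payload survives naiveSourceSanitize and lands in its
// target context unescaped.
function naiveIsVulnerable() {
  const out = PAYLOADS.map(renderNaive);
  return out[0].text.includes("onerror=") &&
         out[1].attr.includes(`" autofocus`) &&
         out[2].script.includes(`";alert(1)`);
}

// True when the sink-side pipeline rejects every payload.
function safeRejectsAll() {
  return PAYLOADS.every((p) => renderSafe(p) === null);
}
```

The key point the test exercises: the naive filter does strip a literal `<script>` element, but the payloads that matter never needed one, and the safe pipeline accepts a benign name like `O'Brien` while rendering the apostrophe differently in each of the three contexts.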