Software Integrity Blog

Archive for the 'Security Standards and Compliance' Category


New software standards aim to slow rampant credit card theft

With the new PCI standards, the Payment Card Industry Security Standards Council intends to reduce credit card fraud. But the new standards may not be enough.


Posted in Financial Services Security, Security Standards and Compliance


National Data Privacy Day is wishful thinking

The worst data privacy threat today isn’t data breach but data abuse. Organizations are using AI to learn more about us than we’d ever choose to tell them.


Posted in Privacy, Security Standards and Compliance


OWASP Top 10 web application security risks

The OWASP Top 10 2017 is a list of the most significant web application security risks. How are you addressing these top 10 web app vulnerabilities?


Posted in Security Standards and Compliance, Software Architecture and Design, Web Application Security


SEC getting more aggressive on financial cyber lapses

The SEC's cyber enforcement actions are powerful incentives for financial institutions to protect investments and data from theft and fraud.


Posted in Financial Services Security, Security Standards and Compliance


Don’t expect jailed CEOs, but Wyden at least puts consumer privacy on the table

The Consumer Data Protection Act (as outlined in the CDPA draft circulated in early November by Sen. Ron Wyden) might not send CEOs to jail, but it will certainly help protect Americans’ data.


Posted in Legal, Privacy, Security Standards and Compliance


Better passwords in California won’t help much

California is all done with weak passwords. Well, not right now, but it says it will be done with them for internet-connected devices in another 14 months—starting Jan. 1, 2020. From then on, the Information Privacy: Connected Devices bill, signed earlier this month by Gov. Jerry Brown, will require each such device to have a […]


Posted in Internet of Things, Legal, Security Standards and Compliance


LifeLock lesson—Third party security is your security

On July 25, on his blog Krebs on Security, Brian Krebs covered a flaw in how LifeLock processed “unsubscribe” information related to its marketing activities. For those unfamiliar with LifeLock, it is a subsidiary of Symantec offering identity monitoring and protection services in the U.S. market. Brian outlined an issue impacting recipients of LifeLock marketing material […]


Posted in Privacy, Security Standards and Compliance


Remediating XSS: Does a single fix work?

A very common type of injection defect is cross-site scripting (also known as XSS or HTML injection). Many developers struggle with remediation of XSS because of a misunderstanding of the difference between validation, sanitization, and normalization/canonicalization. Lately, even some security vendors have started suggesting “fixing” injection defects close to the source rather than close to […]


Posted in Security Standards and Compliance
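The XSS entry above turns on two distinctions: validation versus sanitization versus canonicalization, and fixing "close to the source" versus encoding at the point where the data is rendered. The following is an added example, not code from the original post or from Synopsys. It is a Node.js sketch with constructed inputs: one HTML-escape applied at the source holds at an HTML-body sink but fails at an event-handler sink, because the browser entity-decodes the attribute value before the JavaScript engine sees it; a second scenario shows a validator that checks for angle brackets before URL-decoding being bypassed by percent-encoded input. The function names (greet, encodeForHtml, encodeForJsString, renderGreetingButtonSafe and the rest) and the simplified browser model in decodeHtmlEntities and onclickSource are assumptions made for this example.

```javascript
// Added example (not from the original post): one HTML-escape "at the
// source" versus context-specific encoding at each sink, plus validation
// before and after canonicalization. All inputs are constructed.

// --- Encoders, one per output context ----------------------------------
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Encode for the inside of a JavaScript string literal: every
// non-alphanumeric character becomes \xHH or \uHHHH, so nothing can
// terminate the literal or the surrounding statement.
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, c => {
    const code = c.charCodeAt(0);
    return code < 0x100 ? '\\x' + code.toString(16).padStart(2, '0')
                        : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// --- Simplified model of how a browser runs an event handler -----------
// The HTML parser entity-decodes an attribute value before handing the
// text to the JavaScript engine (assumed model; only the entities that
// encodeForHtml produces are handled here).
function decodeHtmlEntities(s) {
  const map = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };
  return s.replace(/&(amp|lt|gt|quot|#39);/g, (_, e) => map[e]);
}

// JavaScript the browser would execute for onclick="..." in this HTML.
function onclickSource(html) {
  const m = /onclick="([^"]*)"/.exec(html);
  return m ? decodeHtmlEntities(m[1]) : null;
}

// True if attacker-controlled text escaped the literal in greet('...'):
// the call shape is wrong or an unescaped quote survives inside it.
function literalBrokenOut(js) {
  const prefix = "greet('", suffix = "')";
  if (!js.startsWith(prefix) || !js.endsWith(suffix)) return true;
  const body = js.slice(prefix.length, js.length - suffix.length);
  return /(^|[^\\])'/.test(body);
}

// --- Scenario 1: a single fix at the source vs. encoding at the sink ----
// The source-side "fix": HTML-escape the display name once when stored.
function storeDisplayNameEscaped(raw) {
  return encodeForHtml(raw);
}

// Sink A: HTML body. HTML escaping is the right encoding here, so it holds.
function renderGreetingBody(storedName) {
  return `<p>Hello, ${storedName}</p>`;
}

// Sink B: JS string inside an event-handler attribute. The developer
// trusts the stored value as "already safe" and adds nothing.
function renderGreetingButtonUnsafe(storedName) {
  return `<button onclick="greet('${storedName}')">Hi</button>`;
}

// Same sink, encoded for its real context from the raw value: JS-string
// encode first, then HTML-attribute encode, the reverse of decoding order.
function renderGreetingButtonSafe(rawName) {
  return `<button onclick="greet('${encodeForHtml(encodeForJsString(rawName))}')">Hi</button>`;
}

// --- Scenario 2: validation without canonicalization --------------------
// Deny-list check applied at the source, before any decoding happens.
function passesTagCheck(s) {
  return !/[<>]/.test(s);
}

// The sink takes a URL-encoded query value and decodes it itself, so a
// percent-encoded tag that passed the check above is reintroduced here.
function renderFromQueryParam(encodedValue) {
  return `<div>${decodeURIComponent(encodedValue)}</div>`;
}

// Canonicalize first, validate the canonical form, then encode at the sink.
function renderFromQueryParamSafe(encodedValue) {
  const canonical = decodeURIComponent(encodedValue);
  if (!passesTagCheck(canonical)) throw new Error('rejected by validation');
  return `<div>${encodeForHtml(canonical)}</div>`;
}
```

With the constructed input `'); alert(1); //`, the stored (HTML-escaped) name renders harmlessly in the paragraph but, once the browser decodes `&#39;` back to a quote inside the onclick attribute, closes the string literal and runs the injected statement; the safe sink produces `\x27\x29...` which survives both decoding layers as data. The order of the two encoders in renderGreetingButtonSafe is part of the fix, since the browser unwraps the attribute before the string literal.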


Hackers target cryptocurrency exchange, new Spectre vulnerabilities, and healthier healthcare

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Cryptocurrency exchange Bancor gets targeted by hackers and loses $23.5 million, two new subvariants of Spectre vulnerabilities have been discovered, […]


Posted in Medical Device Security, Security Standards and Compliance, Weekly Security Mashup


GDPR raises the stakes on data breaches

Another week, another list of data breaches resulting from vulnerabilities in third-party contractors for high-profile companies. But since May 25, at least in the European Union (EU), it is more than just another week. There is the potential for something both more harsh and more expensive than unhappy customers, brand damage, or even class action […]


Posted in Data Breach, Security Standards and Compliance