Software Integrity

Archive for the 'Security Standards and Compliance' Category

 

LifeLock lesson—Third party security is your security

On July 25, on his blog Krebs on Security, Brian Krebs covered a flaw in how LifeLock processed “unsubscribe” information related to its marketing activities. For those unfamiliar with LifeLock, it is a subsidiary of Symantec offering identity monitoring and protection services in the U.S. market. Brian outlined an issue impacting recipients of LifeLock marketing material […]

Continue Reading...

Posted in Privacy, Security Standards and Compliance

 

Remediating XSS: Does a single fix work?

A very common type of injection defect is cross-site scripting (also known as XSS or HTML injection). Many developers struggle with remediation of XSS because of a misunderstanding of the difference between validation, sanitization, and normalization/canonicalization. Lately, even some security vendors have started suggesting “fixing” injection defects close to the source rather than close to […]

Continue Reading...

Posted in Security Standards and Compliance

 

Hackers target cryptocurrency exchange, new Spectre vulnerabilities, and healthier healthcare

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. Watch the episode below:   What’s in this week’s Security Mashup, you ask? Cryptocurrency exchange Bancor gets targeted by hackers and loses $23.5 million, two new subvariants of Spectre vulnerabilities have been discovered, […]

Continue Reading...

Posted in Medical Device Security, Security Standards and Compliance, Weekly Security Mashup

 

GDPR raises the stakes on data breaches

Another week, another list of data breaches resulting from vulnerabilities in third-party contractors for high-profile companies. But since May 25, at least in the European Union (EU), it is more than just another week. There is the potential for something both more harsh and more expensive than unhappy customers, brand damage, or even class action […]

Continue Reading...

Posted in Data Breach, Security Standards and Compliance

 

Timehop breach provides GDPR response template

With the disclosure of 21 million individuals’ account information being accessed in a data breach at Timehop, we now have a blueprint for what public disclosure of a breach might look like under the new GDPR rules. In their disclosure, Timehop stated that on July 4, malicious actors gained access to account information for 21 […]

Continue Reading...

Posted in Data Breach, Security Standards and Compliance

 

Data breaches and more data breaches—oh my!

It’s been quite an interesting few weeks in the land of data breach disclosures. We started with Under Armour disclosing a breach in their MyFitnessPal application that impacted 150 million users. A few days later, Lord & Taylor and Saks Fifth Avenue disclosed a breach impacting millions of their in-store shoppers. Later the same day, […]

Continue Reading...

Posted in Data Breach, Security Standards and Compliance

 

What you need to know about the Singapore Cybersecurity Bill

The newly ratified Singapore Cybersecurity Bill is Singapore’s answer to securing critical information infrastructure (CII) providers, minimizing threats from malicious actors. But now that the bill has been signed into law, analysts and practitioners alike are raising concerns about the high costs and logistic challenges of enforcing it. CII providers are defined as the owners […]

Continue Reading...

Posted in Security Standards and Compliance

 

U.K. threatens to force IoT security by design

Securing the Internet of Things (IoT) seems like an endless reality version of “Mission Impossible”—really impossible. Many have tried—with lists of best practices and standards, exhortations, and warnings—but none has succeeded. Still, the U.K. government, in a policy paper titled Secure by Design released earlier this month, says it is also going to try, with a 13-point […]

Continue Reading...

Posted in Internet of Things, Security Standards and Compliance

 

The 7 elements of GDPR software security compliance

By now, you’re probably aware that the General Data Protection Regulation (GDPR) is coming. Taking effect on May 25, 2018, GDPR aims to unify the European Union (EU) on common data protection practices. Bringing more control and higher standards, this regulation will affect how firms gather, store, and use data pertaining to EU residents. Let’s […]

Continue Reading...

Posted in Security Standards and Compliance

 

Who owns Linux? TRITON attack, app security testing, future of GDPR

We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and […]

Continue Reading...

Posted in Agile, CI/CD & DevOps, Automotive Security, Data Breach, Open Source Security, Security Standards and Compliance