If your organization competes in the global market, expect GDPR to have a critical influence on the software that powers your business. Having a disciplined software security strategy will help you not only identify, remediate, and prevent vulnerabilities in your software but also avoid violating GDPR. Listen as experts Adam Brown of Synopsys and legal […]
When the General Data Protection Regulation (GDPR) takes effect, it will replace the Data Protection Directive (DPD), also known as Directive 95/46/EC, of 1995. Adopted April 27, 2016, the GDPR will become enforceable May 25, 2018. The following is a detailed explanation of the differences between the DPD and the GDPR, as well as new […]
From the moon to autonomous driving There is a general awareness that software complexity has been growing immensely over time. Starting a few decades ago with special-purpose tasks, such as calculating equations to send a man to the moon, we are now at a stage where our world and much of our lives depend intrinsically […]
Now that a new year is upon us, we must remember that this is the year the General Data Protection Regulation (GDPR) supersedes Directive 95/36/EC. The new regulation will take effect May 25, 2018. In other words, this is the date by which organizations must be compliant. Primary obligations under GDPR GDPR applies to the […]
Posted in Security Standards and Compliance | Comments Off on What does GDPR enforcement mean for your business?
The director of software development comes into your office in a panic. “We’ve got to do MISRA… stat! Legal insists on it; our customers are demanding it.” Your heart sinks. If you’ve ever been to Yosemite, you’ll know there are two ways to the summit of Half Dome: one way has fairly gradual—or at least […]
A recent “Innovation Spotlight” in the IEEE XPLORE Digital Library announced “a first-of-its-kind charger that allows plug-in electric vehicles (PEVs) to deliver excess capacity to the power grid and recharge during off-peak hours.” Promising new technologies often evoke questions about security. Suppose a bad actor exploits the connection somehow and brings down portions of the […]
Let’s say you tested 46 web applications, 19 mobile apps, and 20 client-server apps this year alone. You also purchased a new application security testing tool in the process. You found 112 vulnerabilities and all-in-all you’re feeling pretty good. But before you get too excited, ask yourself a few questions: Did you reduce risk significantly? […]
Posted in Application Security, Security Standards and Compliance, Security Training, Software Security Program Development | Comments Off on How can you tell if your software security strategy is working?
“Scalpel.” “Scalpel.” “Let’s make the incision … There we go … Spreader.” “Spreader.” “Good. A little wider. Like that. Metzenbaum.” “Metzenbaum.” “There we are. We’re at the DIVIDE_BY_ZERO site. As you can see, it starts here, and follows this path here. We’ll remove it … gently … nice, a clean extraction. Now, let’s graft in […]
Seems we all have one: that distant aunt. You know the one I’m talking about. Always dressed to the nines. Always perfectly coiffured. Every detail just so. And that tiny Jack Russell that did tricks on command, never yapped (unless told to “speak”), and was always at her side, springing up to her lap when she pulled out […]
Developing software is an art. Developing safe and secure software is not only an art, but requires a mindset that anticipates potential bugs, security vulnerabilities, and system failures. Both quality and security are hard to add to a product after its inception. It simply isn’t practical to add on to a product as quality and security […]