Software Integrity Blog

Archive for the 'Security Standards and Compliance' Category

Timehop breach provides GDPR response template

With the disclosure of 21 million individuals’ account information being accessed in a data breach at Timehop, we now have a blueprint for what public disclosure of a breach might look like under the new GDPR rules. In their disclosure, Timehop stated that on July 4, malicious actors gained access to account information for 21 […]

Posted in Data Breach, Security Standards and Compliance

Data breaches and more data breaches—oh my!

It’s been quite an interesting few weeks in the land of data breach disclosures. We started with Under Armour disclosing a breach in their MyFitnessPal application that impacted 150 million users. A few days later, Lord & Taylor and Saks Fifth Avenue disclosed a breach impacting millions of their in-store shoppers. Later the same day, […]

Posted in Data Breach, Security Standards and Compliance

What you need to know about the Singapore Cybersecurity Bill

The newly ratified Singapore Cybersecurity Bill is Singapore’s answer to securing critical information infrastructure (CII) providers and minimizing threats from malicious actors. But now that the bill has been signed into law, analysts and practitioners alike are raising concerns about the high costs and logistical challenges of enforcing it. CII providers are defined as the owners […]

Posted in Security Standards and Compliance

U.K. threatens to force IoT security by design

Securing the Internet of Things (IoT) seems like an endless reality version of “Mission Impossible”—really impossible. Many have tried—with lists of best practices and standards, exhortations, and warnings—but none has succeeded. Still, the U.K. government, in a policy paper titled Secure by Design released earlier this month, says it is also going to try, with a 13-point […]

Posted in Internet of Things, Security Standards and Compliance

The 7 elements of GDPR software security compliance

Our GDPR compliance checklist explains seven steps you can take to improve your software security initiative and illustrate GDPR software security compliance.

Posted in Security Standards and Compliance

Who owns Linux? TRITON attack, app security testing, future of GDPR

We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, going in-depth into the TRITON attack, why 2018 is the year of open source, how open source is driving both IoT and AI, […]

Posted in Agile, CI/CD & DevOps, Automotive Security, Data Breach, Open Source Security, Security Standards and Compliance

Still just recommendations, not regulation, for IoT security

Recommendations are a fine first step, but without real IoT security regulation, securing the Internet of Things (IoT) makes herding cats look like a breeze.

Posted in Internet of Things, Security Standards and Compliance

SEC and CyberSec risks, GDPR looms, what’s going on with the NVD?

In this week’s open source security and cyber security news: Free software comes with a price. Learn how a PE firm wraps open source due diligence into its tech investing. The SEC provides guidance on public cyber security. The Defense Department (re)launches its open source portal. A look at cyber security through the (virtual) lens […]

Posted in Security Standards and Compliance, Software Architecture and Design

So, you want to be a data protection officer

The General Data Protection Regulation (GDPR) will be enforced starting on May 25, 2018. One of the requirements of the GDPR is that many companies who handle personal data of EU citizens will need to appoint either an employee or contractor to be their Data Protection Officer.

Posted in Security Standards and Compliance

Here are the answers to the most frequently asked questions about GDPR

What is GDPR? In January 2012, the European Commission (EC) in Brussels proposed a reform of the European Union’s (EU’s) 1995 data protection rules to “make Europe fit for the digital age.” New technologies and globalization have had a profound impact on how information is collected, accessed, and used. Furthermore, the 27 EU member states […]

Posted in Security Standards and Compliance