Software Integrity

Archive for the 'Software Architecture and Design' Category

From mainframes to connected cars: How software drives the automotive industry

The automotive industry runs on software—but with increased software use comes an increased attack surface. Making safe, reliable vehicles starts with building secure software. Dr. Gary McGraw explains the importance of secure design principles and how to take the first step toward automotive software security. The original version of this article was published in The Security […]

Posted in Automotive Security, Maturity Model (BSIMM), Software Architecture and Design

VPNFilter, BMW connected car vulnerability, and Nest IoT devices go offline

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s episode, you ask? Russia vs. Ukraine, Beemer as the ultimate hackable machine, and Nest “smart home” devices. Learn more by watching the full episode below:   New VPNFilter […]

Posted in Automotive Security, Internet of Things, Software Architecture and Design, Weekly Security Mashup

How does the TeenSafe data leak present a classic false sense of security?

Security researcher Robert Wiggins recently uncovered a serious security issue in the TeenSafe “secure” monitoring product for Android and iOS platforms. The app allows users (typically parents) to monitor devices (typically their children’s) to view location, text messages, calls, browsing history, and more. TeenSafe claims the technology can and will help protect your child. There […]

Posted in Cloud Security, Data Breach, Software Architecture and Design

Bad Signal gets quick fix

It looked like a bright spot in a gloomy week for the encrypted messaging app Signal. And it was, in fact, a positive thing—a patch for a serious XSS (cross-site scripting) vulnerability that the company made available only hours after a public report of the problem. It just wasn’t quite as bright a moment as […]

Posted in Software Architecture and Design

Examining Spectre and Meltdown attacks

As you have no doubt heard, Spectre and Meltdown aren’t software bugs that can be fixed in a few days or weeks when a company pushes out a patch. They are part of the architecture of hardware – the chips that run your computer. And you don’t just roll out a patch for hardware. Chips […]

Posted in Software Architecture and Design, Static Analysis (SAST)

Verizon DBIR puts security burden on users

The 2018 Verizon Data Breach Investigations Report (DBIR)—the 11th annual exhaustive collection of good advice and (mostly) bad news—which dropped a couple of weeks ago, doesn’t contain any major surprises about the state of online security. The number of confirmed breaches—at least the ones reported by 67 contributors globally—was 2,216, among 53,308 “real-world incidents.” In […]

Posted in Data Breach, Maturity Model (BSIMM), Software Architecture and Design

RSA 2018 recap: Detecting vulnerabilities and avoiding snake oil

With RSA 2018 behind us, a recap is in order. For any readers who have never attended the RSA Conference (RSA) in North America, it’s worth setting the stage. For practical purposes, RSA is the premier technology security conference. There are tens of thousands of attendees, well over a dozen conference tracks, and the show […]

Posted in Software Architecture and Design, Software Security Initiative (SSI), Webinars

Weighing the pros and cons of open sourcing election software

Open source election software is exposed to many eyes that check it for vulnerabilities. But does that mean it’s more secure? What are the pros and cons of open sourcing election software?

Posted in Open Source Security, Software Architecture and Design

Detecting Spectre vulnerability exploits with static analysis

Written by Charles-Henri Gros, Liana Hadarean, and Mandar Satam. Since this article was posted, we have made several improvements to our capability of detecting code patterns vulnerable to Spectre. Details on the latest enhancements can be found here. In the last few months, Spectre (CVE-2017-5753 and CVE-2017-5715) has emerged as a new kind of vulnerability. […]

Posted in Software Architecture and Design, Static Analysis (SAST)

Closing the CVE gap still a work in progress

It’s hard to think of a better security concept than the CVE (Common Vulnerabilities and Exposures) program. It amounts to crowdsourcing security. The idea is that everybody who finds an exploitable flaw or bug in software or firmware notifies a single organization—in this case, the nonprofit, federally funded MITRE Corp.—which maintains a database in which […]

Posted in Software Architecture and Design