Software Integrity Blog

Archive for the 'Software Architecture and Design' Category

Closing the CVE gap still a work in progress

It’s hard to think of a better security concept than the CVE (Common Vulnerabilities and Exposures) program. It amounts to crowdsourcing security. The idea is that everybody who finds an exploitable flaw or bug in software or firmware notifies a single organization—in this case, the nonprofit, federally funded MITRE Corp.—which maintains a database in which […]

Posted in Software Architecture and Design

SEC and CyberSec risks, GDPR looms, what’s going on with the NVD?

In this week’s open source security and cyber security news: Free software comes with a price. Learn how a PE firm wraps open source due diligence into its tech investing. The SEC provides guidance on public cyber security. The Defense Department (re)launches its open source portal. A look at cyber security through the (virtual) lens […]

Posted in Security Standards and Compliance, Software Architecture and Design

What’s happening with the National Vulnerability Database?

The image below is what you saw if you searched the National Vulnerability Database (NVD) on February 16. As you can see, vulnerabilities are being added on a daily basis. The far right column, however, is blank: none of the vulnerabilities are being scored using NIST’s Common Vulnerability Scoring System (CVSS).

Posted in Software Architecture and Design

Big data breaches, costly cyber attacks, vuln detection for Kubernetes

This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as Ebay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck OpsSight brings open source […]

Posted in Data Breach, Open Source Security, Software Architecture and Design

Black Duck OpsSight brings open source vulnerability detection to Kubernetes

This week we released a new version of Black Duck OpsSight, a solution for vulnerability detection and alerting in production environments. When we introduced Black Duck OpsSight for OpenShift in November, we made it possible for customers who use Black Duck Hub as an integral part of their SDLC security process to also monitor the […]

Posted in Open Source Security, Software Architecture and Design

In an IoT-filled world, it’s time to be alert in the wake of ‘Hide ’N Seek’

A relatively new Internet of Things (IoT) botnet took its time going viral – it even disappeared for 10 days – but once it got back in gear, it spread worldwide in a matter of days. Hence the name – HNS, or “Hide and Seek” – that researchers at Bitdefender Labs gave it after they first spotted […]

Posted in Data Breach, Internet of Things, Software Architecture and Design

New reports detail how most 2017 security breaches were easily preventable

For data breaches, 2017 was (no drum roll, please)…The. Worst. Year. Ever. No drum roll needed, because there wasn’t even a shred of suspense about it. Just as it will be no surprise to learn a year from now that 2018 was the new worst year ever for data breaches. A small flood of reports […]

Posted in Data Breach, Software Architecture and Design

Learn how to scale threat modeling with a pattern-based strategy

Performing threat modeling is a difficult and expensive undertaking for most firms, and understandably so. Traditionally, threat modeling requires an experienced security architect with knowledge in three fundamental areas: architecture and design patterns, enterprise application technologies, and security controls and best practices. When creating a scalable threat model, it’s important to recognize the benefits and limitations of […]

Posted in Software Architecture and Design

Meltdown, Spectre security flaws “impact everything”

Welcome to 2018, with two major security flaws revealed that put any computer device with chips from Intel, AMD, or ARM at risk. One security flaw, dubbed Meltdown, impacts Intel semiconductors, enabling bad guys to steal passwords. The other security flaw, Spectre, impacts chips from all three companies. During an interview with CNBC covered by […]

Posted in Open Source Security, Software Architecture and Design

Navigating responsible vulnerability disclosure best practices

The definition of responsible vulnerability disclosure varies based on who you ask. Tech goliath Microsoft has openly disagreed with Google on this very topic, as outlined by The Verge. In the vulnerability management industry, discretion is key. Because we’re continuously handling vulnerabilities that can be used maliciously by black hats, there are widespread implications, and […]

Posted in Fuzz Testing, Software Architecture and Design