Software Integrity Blog

Archive for the 'Software Architecture and Design' Category

 

Detecting Spectre vulnerability exploits with static analysis

Written by Charles-Henri Gros, Liana Hadarean, and Mandar Satam.

Posted in Software Architecture and Design, Static Analysis (SAST)

 

Closing the CVE gap still a work in progress

It’s hard to think of a better security concept than the CVE (Common Vulnerabilities and Exposures) program. It amounts to crowdsourcing security.

Posted in Software Architecture and Design

 

SEC and CyberSec risks, GDPR looms, what’s going on with the NVD?

In this week’s open source security and cyber security news: Free software comes with a price. Learn how a PE firm wraps open source due diligence into its tech investing. The SEC provides guidance on public cyber security. The Defense Department (re)launches its open source portal. A look at cyber security through the (virtual) lens of video gaming. What you need to know to be a DPO. And what’s up with the National Vulnerability Database? 

Posted in Security Standards and Compliance, Software Architecture and Design, Webinars

 

What’s happening with the National Vulnerability Database?

The image below is what you saw if you searched the National Vulnerability Database (NVD) on February 16. As you can see, vulnerabilities are being added on a daily basis. The far right column, however, is blank. None of the vulnerabilities are being scored using NIST’s Common Vulnerability Scoring System (CVSS).

Posted in Software Architecture and Design

 

Big data breaches, costly cyber attacks, vuln detection for Kubernetes

This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as eBay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck OpsSight brings open source vulnerability detection to Kubernetes, and Synopsys will host Elevate, an evening thought leadership event at Embedded World 2018 featuring an elite group of international cyber security experts leading a discussion about IoT and embedded systems security threats and solutions.

Posted in Data Breach, Open Source Security, Software Architecture and Design

 

Black Duck OpsSight brings open source vulnerability detection to Kubernetes

This week we released a new version of Black Duck OpsSight, a solution for vulnerability detection and alerting in production environments. When we introduced Black Duck OpsSight for OpenShift in November, we made it possible for customers who use Black Duck Hub as an integral part of their SDLC security process to also monitor the open source security of their application deployment environments.

Posted in Open Source Security, Software Architecture and Design

 

In an IoT-filled world, it’s time to be alert in the wake of ‘Hide ‘N Seek’

A relatively new Internet of Things (IoT) botnet took its time going viral – it even disappeared for 10 days – but once it got back in gear, it spread worldwide in a matter of days.

Posted in Data Breach, Internet of Things, Software Architecture and Design

 

New reports detail how most 2017 security breaches were easily preventable

For data breaches, 2017 was (no drum roll, please)…The. Worst. Year. Ever.

Posted in Data Breach, Software Architecture and Design

 

Learn how to scale threat modeling with a pattern-based strategy

Performing threat modeling is a difficult and expensive undertaking for most firms. And understandably so. Traditionally, threat modeling requires an experienced security architect with knowledge in three fundamental areas.

Posted in Software Architecture and Design

 

Meltdown, Spectre security flaws “impact everything”

Welcome to 2018, with two major security flaws revealed that put any computer device that has chips from Intel, AMD and ARM at risk. One security flaw, dubbed Meltdown, impacts Intel semiconductors, enabling bad guys to steal passwords. The other security flaw, Spectre, impacts chips from all three companies. During an interview with CNBC covered by Reuters, Intel’s chief executive noted that “Phones, PCs, everything are going to have some impact, but it’ll vary from product to product.”

Posted in Open Source Security, Software Architecture and Design