Software Integrity Blog

Archive for the 'Software Architecture and Design' Category

RSA 2018 recap: Detecting vulnerabilities and avoiding snake oil

With RSA 2018 behind us, a recap is in order. For any readers who have never attended the RSA Conference (RSA) in North America, it’s worth setting the stage. For practical purposes, RSA is the premier technology security conference. There are tens of thousands of attendees, well over a dozen conference tracks, and the show floor itself spans two buildings. Exhibitors range from the NSA and FBI (love their dogs, by the way), through service providers like CenturyLink and AT&T, major technology vendors like F5 and Trend Micro, to smaller vendors around the edges of the expo halls.

Posted in Software Architecture and Design

Weighing the pros and cons of open sourcing election software

Open source election software is exposed to many eyes that check it for vulnerabilities. But does that mean it’s more secure? What are the pros and cons of open sourcing election software?

Posted in Open Source Security, Software Architecture and Design

Detecting Spectre vulnerability exploits with static analysis

We’ve released a static analysis checker that can detect code patterns vulnerable to the Spectre attack. Learn how the checker works and see code examples.

Posted in Software Architecture and Design, Static Analysis (SAST)

Closing the CVE gap still a work in progress

It’s hard to think of a better security concept than the CVE (Common Vulnerabilities and Exposures) program. It amounts to crowdsourcing security.

Posted in Software Architecture and Design

What’s happening with the National Vulnerability Database?

The image below is what you saw if you searched the National Vulnerability Database (NVD) on February 16. As you can see, vulnerabilities are being added on a daily basis. The far right column, however, is blank: none of the vulnerabilities are being scored using NIST’s Common Vulnerability Scoring System (CVSS).

Posted in Software Architecture and Design

Black Duck OpsSight brings open source vulnerability detection to Kubernetes

This week we released a new version of Black Duck OpsSight, a solution for vulnerability detection and alerting in production environments. When we introduced Black Duck OpsSight for OpenShift in November, we made it possible for customers who use Black Duck Hub as an integral part of their SDLC security process to also monitor the open source security of their application deployment environments.

Posted in Open Source Security, Software Architecture and Design

In an IoT-filled world, it’s time to be alert in the wake of ‘Hide ‘N Seek’

A relatively new Internet of Things (IoT) botnet took its time going viral – it even disappeared for 10 days – but once it got back in gear, it spread worldwide in a matter of days.

Posted in Data Breach, Internet of Things, Software Architecture and Design

2017 saw an increase in data breaches (and most were preventable)

A few reasons for the increase in data breaches: Attackers are getting better, tools are getting more sophisticated, and the attack surface is growing.

Posted in Data Breach, Software Architecture and Design

Learn how to scale threat modeling with a pattern-based strategy

Performing threat modeling is a difficult and expensive undertaking for most firms, and understandably so. Traditionally, threat modeling requires an experienced security architect with knowledge in three fundamental areas.

Posted in Software Architecture and Design

Meltdown, Spectre security flaws “impact everything”

Welcome to 2018, with two major security flaws revealed that put any computer device with chips from Intel, AMD and ARM at risk. One security flaw, dubbed Meltdown, impacts Intel semiconductors, enabling bad guys to steal passwords. The other security flaw, Spectre, impacts chips from all three companies. During an interview with CNBC covered by Reuters, Intel’s chief executive noted that “Phones, PCs, everything are going to have some impact, but it’ll vary from product to product.”

Posted in Mergers & Acquisitions, Open Source Security, Software Architecture and Design