Software Integrity Blog

Search Results for 'red teaming'

 

How to mitigate third-party security risks

Third-party products and services are an integral part of business operations. Organizations depend heavily on optimizing their solutions by reducing costs, which brings about the need for external expertise. Third-party organizations promise timely delivery of products and services, meeting compliance requirements, and optimizing the organization’s overall business performance.

Posted in General, Maturity Model (BSIMM), Software Architecture and Design

 

Lessons learned from this year’s biggest security breaches

As this year draws to a close, we can look back on 2016 and see what challenges the security industry has had to overcome. Jumping on this bandwagon a bit early, I hope to draw attention to some of the more difficult challenges our industry will face in the coming year. In order to do that, I’ll point out the most newsworthy breaches of 2016.

Posted in Data Breach, Internet of Things

 

Synopsys expands security signoff solution with Cigital and Codiscope acquisition

Today Synopsys signed a definitive agreement to acquire two premier security companies. Cigital, headquartered in Dulles, Virginia, is a large application security firm specializing in professional and managed services for identifying, remediating, and preventing vulnerabilities in software applications. Codiscope, headquartered in Boston, Massachusetts, is focused on security developer tools and training modules, which Cigital distributes. The two companies are strategically aligned with Synopsys, with a shared vision of building security into the software development lifecycle and across the cyber supply chain.

Posted in Uncategorized

 

What does the Panama Papers leak have to do with your firm’s data security?

If you have the Internet, which presumably you must if you’re reading this, you’ve no doubt run across stories about the Panama Papers leak. The revelation of an estimated 2.6-terabyte leak of data given to the press may have you cheering the downfall of the politicians wailing for changes in tax policies. There’s one key detail that the general public is overlooking. This situation is unfolding because data was stolen.

Posted in Data Breach

 

Top 4 website security tips for development and hosting

If you design, develop, or host websites for SMBs, your clients are trusting you to keep their data secure. Here are our top 4 website security tips.

Posted in Web Application Security

 

Rachel Tobac explains how ‘polite paranoia’ can derail social engineering attacks

Rachel Tobac thinks people are the first line of cyber security defense, not the weakest link. She talks about social engineering attacks and how to be “politely paranoid” with us.

Posted in General

 

Lance Spitzner: How to secure the human operating system | NCSAM at Synopsys

The original version of this article was published in Forbes.

Posted in General

 

Protect your employees from phishing and social engineering | NCSAM at Synopsys

It was a busy summer for healthcare IT staff. The Minnesota Department of Human Services potentially breached 21,000 patients’ personal data. Gold Coast Health Plan emailed 37,000 patients to warn them their data had been exposed. And UnityPoint Health had to notify 1.4 million patients about a data breach—only months after the organization’s last data breach. The cause of all these data breaches? Employees falling for phishing attacks.

Posted in General

 

Behavioral security at RSA Conference 2018

Wednesday, RSA 2018: On any given day, there are more than 150 sessions to choose from here. Good luck getting to even 5% of those. The good news is that attendees can get access to most of the sessions they missed after the fact, since the slide presentations are posted and videos are made of just about every one. So you can keep “attending” for months to come. But from a small slice of it in real time: It didn’t get nearly as much buzz as the keynote from Monica Lewinsky of Bill-Clinton-and-blue-dress fame, but the message was still powerful: Behavioral analytics is changing the world of security.

Posted in Automotive Security, General, Medical Device Security

 

Smart devices, smart grids, and cyber security

A recent “Innovation Spotlight” in the IEEE XPLORE Digital Library announced “a first-of-its-kind charger that allows plug-in electric vehicles (PEVs) to deliver excess capacity to the power grid and recharge during off-peak hours.” Promising new technologies often evoke questions about security. Suppose a bad actor exploits the connection somehow and brings down portions of the network or grid?

Posted in General, Maturity Model (BSIMM), Security Standards and Compliance