For sale: voter data, ‘unbowed’ by Florence or ransomware, and binding email security

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Voter records for sale on the dark web, what the ONWASA ransomware attack says about the state of critical infrastructure ...
Retail joins the BSIMM—finally

The BSIMM—Building Security In Maturity Model—is now into its 10th year of being a self-described “measuring stick for software security” for multiple industries. But there are still newcomers—this year it’s retail. Ten retail firms participated in BSIMM9, which tracks the development of SSIs (software security initiatives) by organization based on ...
Better passwords in California won’t help much

California is all done with weak passwords. Well, not right now, but it says it will be done with them for internet-connected devices in another 14 months—starting Jan. 1, 2020. From then on, the Information Privacy: Connected Devices bill, signed earlier this month by Gov. Jerry Brown, will require each ...
Cyber security: Not just ‘a’ job but many jobs of the future | NCSAM at Synopsys

The original version of this article was published in Forbes. Cyber security is very obviously a job sector of the future. Official estimates put job growth in the sector at 37% per year, at least through 2022—and that is probably conservative. At the start of this year, there were an ...
Make your home both smart and secure | NCSAM at Synopsys

The original version of this article was published in Forbes. “Smart but insecure” sounds like you’re talking about a high achiever who needs therapy. Which you could be. But in the online world, it applies to semi-animate objects—the hundreds of millions of devices in American homes that are, at one ...
Remote robbery, an ‘IT incident’ (not a breach?), and face-off on privacy

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Remote robbery by Hidden Cobra, a breach by any other name, and facing down the Fourth and Fifth Amendments. Watch ...
US vows to go on cyber offense

The original version of this article was published in Forbes. We’re all familiar with saber rattling. But this is the digital age. Welcome to the world of cyber rattling. This version of it comes in two policy papers from the U.S. government: the White House Cyber Policy and the Department ...
BSIMM9: Not a how-to but a roadmap to a better SSI

You’ve probably seen the commercials. Different situations but always the same theme. In one of them, a guy tells his neighbor, “I need to get my roof repaired. Do you know any contractors?” “Uh, yeah, I might,” the neighbor replies. “Great,” says the first guy. “Can you do a free ...
How to integrate cloud security into your SSI

Every organization that develops or integrates software needs a software security initiative (SSI)—that has been true for years. Security is, or ought to be, as important as function and features. What is also true now, given that the large majority of organizations have already migrated or are planning to migrate ...
Open season on open source, Infinite Campus limited by DDoS, and Mojave’s a bad apple

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? It’s open season on enterprise open source, the Infinite Campus DDoS attack takes the company to its limits, and a ...