Attesting to secure software development practices

Learn how to comply with EO 14028. Discover how CISA's new Attestation Form works, and what you need to know about attesting to secure software development practices. The post Attesting to secure software development practices appeared first on Software Security ...
New OpenSSL Critical Vulnerability: What to Know and How to Fix | Black Duck

Experts warn of critical security vulnerability discovered in OpenSSL

Understand what steps your organization needs to take now to prepare for the upcoming patch to address OpenSSL’s critical security vulnerability on November 1. The post Experts warn of critical security vulnerability discovered in OpenSSL appeared first on Application Security Blog ...

How to Prepare for a Cyberattack

Preventing cyberattacks isn’t easy. If it were, there wouldn’t be a continuous stream of ransomware attacks dominating news feeds, nor would the president of the United States feel compelled to issue executive orders on cybersecurity or to declare that ransomware attacks should be treated like terrorism. While preventing cyberattacks isn’t ...
Review of Apache Struts vulnerabilities yields 24 updated advisories

We found that 24 Apache Struts Security Advisories incorrectly list impacted versions and that previously disclosed vulns affect an additional 61 versions. The post Review of Apache Struts vulnerabilities yields 24 updated advisories appeared first on Software Integrity Blog ...
DEF CON 26 - Riedesel and Hakimian - Tineola: Taking a Bite Out of Enterprise Blockchain

The Synopsys Cybersecurity Research Center (CyRC): Advancing the state of software security

Categories: General
The Synopsys Software Integrity Group is pleased to announce the public launch of CyRC (Cybersecurity Research Center). Our mission is simple—to advance the state of software security through research, innovation, and evangelism. More specifically, we strive to provide resources and information around the identification, severity, exploitation, mitigation, and defense against ...
The intersection between IAST and SCA and why you need both in your security toolkit

Two powerful yet relatively new technologies in application security testing are interactive application security testing (IAST) and software composition analysis (SCA). IAST solutions are designed to help organizations identify and manage security risks associated with vulnerabilities discovered in running web applications using dynamic testing (a.k.a. runtime testing) techniques. SCA, a ...
Electoral trust meets software security

Categories: Application Security
It’s fair to say that regardless of where you live, assuming you have democratic elections, you want your vote to count—without any form of external influence or tampering. It’s also fair to say that until the most recent election cycle, for many Americans, election tampering was pretty low on their ...
LifeLock lesson—Third party security is your security

On July 25, on his blog Krebs on Security, Brian Krebs covered a flaw in how LifeLock processed “unsubscribe” information related to its marketing activities. For those unfamiliar with LifeLock, it is a subsidiary of Symantec offering identity monitoring and protection services in the U.S. market. Brian outlined an issue ...
Timehop breach provides GDPR response template

Categories: Data breach, GDPR
With the disclosure of 21 million individuals’ account information being accessed in a data breach at Timehop, we now have a blueprint for what public disclosure of a breach might look like under the new GDPR rules. In their disclosure, Timehop stated that on July 4, malicious actors gained access ...