Attesting to secure software development practices
Learn how to comply with EO 14028. Discover how CISA's new Attestation Form works, and what you need to know about attesting to secure software development practices. The post Attesting to secure software development practices appeared first on Software Security ...
We’re one step closer to knowing how to comply with EO 14028
CISA’s draft self-attestation form, published today, is a step in the right direction in demystifying EO 14028 compliance ...
Experts warn of critical security vulnerability discovered in OpenSSL
Understand what steps your organization needs to take now to prepare for the upcoming patch to address OpenSSL’s critical security vulnerability on November 1. The post Experts warn of critical security vulnerability discovered in OpenSSL appeared first on Application Security Blog ...
How to Prepare for a Cyberattack
Preventing cyberattacks isn’t easy. If it were, there wouldn’t be a continuous stream of ransomware attacks dominating news feeds, nor would the president of the United States feel compelled to issue executive orders on cybersecurity or to declare that ransomware attacks should be treated like terrorism. While preventing cyberattacks isn’t ...
Review of Apache Struts vulnerabilities yields 24 updated advisories
We found that 24 Apache Struts Security Advisories incorrectly list impacted versions and that previously disclosed vulnerabilities affect an additional 61 versions. The post Review of Apache Struts vulnerabilities yields 24 updated advisories appeared first on Software Integrity Blog ...
The Synopsys Cybersecurity Research Center (CyRC): Advancing the state of software security
The Synopsys Software Integrity Group is pleased to announce the public launch of CyRC (Cybersecurity Research Center). Our mission is simple: to advance the state of software security through research, innovation, and evangelism. More specifically, we strive to provide resources and information around the identification, severity, exploitation, mitigation, and defense against ...
The intersection between IAST and SCA and why you need both in your security toolkit
Two powerful yet relatively new technologies in application security testing are interactive application security testing (IAST) and software composition analysis (SCA). IAST solutions are designed to help organizations identify and manage security risks associated with vulnerabilities discovered in running web applications using dynamic testing (a.k.a. runtime testing) techniques. SCA, a ...
Electoral trust meets software security
It’s fair to say that regardless of where you live, assuming you have democratic elections, you want your vote to count, without any form of external influence or tampering. It’s also fair to say that until the most recent election cycle, for many Americans, election tampering was pretty low on their ...
LifeLock lesson—Third party security is your security
On July 25, on his blog Krebs on Security, Brian Krebs covered a flaw in how LifeLock processed “unsubscribe” information related to its marketing activities. For those unfamiliar with LifeLock, it is a subsidiary of Symantec offering identity monitoring and protection services in the U.S. market. Brian outlined an issue ...
Timehop breach provides GDPR response template
With the disclosure of 21 million individuals’ account information being accessed in a data breach at Timehop, we now have a blueprint for what public disclosure of a breach might look like under the new GDPR rules. In their disclosure, Timehop stated that on July 4, malicious actors gained access ...