Hot Topics

Security Engineering

Ross Anderson

| | cryptanalysis, cryptography, Cybersecurity, economics of security, Security Conferences, Security Engineering, Uncategorized
Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can’t remember when I first met Ross. Of course it was before 2008, when we created the ...
Schneier on Security

New Report on IoT Security

| | Cybersecurity, Internet of things, Reports, Security Engineering, Uncategorized
The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.” The report examines the regulatory ...
Schneier on Security
SSE NIST DLP Systems and the Solutions They Offer

NIST Sets SSE Framework in Final SP 800-160 Guidance

| | NIST, Secure Coding Guidelines, Security Engineering, systems engineering
The National Institute of Standards and Technology (NIST) published a final version of updated standards for systems security engineering (SSE) with significant content and design changes, including a renewed emphasis on the ...
Security Boulevard

Manipulating Machine-Learning Systems through the Order of the Training Data

| | academic papers, machine learning, Security Engineering, Uncategorized
Yet another adversarial ML attack: Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed ...
Schneier on Security

Purdue University’s CERIAS 2021 Security Symposium – Caroline Wong’s ‘Security Industry Context’

| | Blockchain Education, cybersecurity education, Data Security, education, Information Security, Infosec Education, Purdue University CERIAS, security, Security Education, Security Engineering, Security Symposium
Our thanks to Purdue University’s The Center for Education and Research in Information Assurance and Security (CERIAS) for publishing their illuminating security symposiums, seminars, talks, and presentations on the Schools’ YouTube channel ...
Infosecurity.US

Purdue University’s CERIAS 2021 Security Symposium – Ira Winkler’s ‘You Can Stop Stupid: Human Security Engineering’

| | cybersecurity education, education, Infosec Education, Purdue University CERIAS, security, Security Engineering, Security Symposium
Our thanks to Purdue University’s The Center for Education and Research in Information Assurance and Security (CERIAS) for publishing their illuminating security symposiums, seminars, talks, and presentations on the Schools’ YouTube channel ...
Infosecurity.US
The Battle Between Linters, Scanners, and Data Flow Analysis

The Battle Between Linters, Scanners, and Data Flow Analysis

| | AppSec, DAST, SAST, Security Engineering, software engineering
How to balance accuracy and scan times when it comes to application security toolsImage by Gerd Altmann from PixabayWhen it comes to security tools, you’re typically balancing two things: how much time it takes ...
ShiftLeft Blog - Medium
SAST vs. DAST vs. SCA: A Comparison

SAST vs. DAST vs. SCA: A Comparison

| | AppSec, DAST, SAST, SCA, Security Engineering
Photo by Lukas from PexelsThere are many application security testing (AST) tools on the market. To describe them, we have several acronyms, including SAST, DAST, SCA.But, what do they mean?In this post, we’ll cover the ...
ShiftLeft Blog - Medium

Open Source Does Not Equal Secure

| | Cybersecurity, open source, Security Engineering, Uncategorized
Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are fickle and busy ...
Schneier on Security
BSides London 2019

Security BSides London 2019, Nina Fasel’s ‘My First Program: A Pentesting Tool’

| | BSides London 2019, Conferences, education, Information Security, Pentesting Tooling, Security Applications, Security Engineering, Security Tooling
Many thanks to Security BSides London for publishing their outstanding conference videos on YouTube. Permalink ...
Infosecurity.US
Load more