Security Engineering
Ross Anderson
Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can’t remember when I first met Ross. Of course it was before 2008, when we created the ...
New Report on IoT Security
The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.” The report examines the regulatory ...
NIST Sets SSE Framework in Final SP 800-160 Guidance
The National Institute of Standards and Technology (NIST) published a final version of updated standards for systems security engineering (SSE) with significant content and design changes, including a renewed emphasis on the ...
Manipulating Machine-Learning Systems through the Order of the Training Data
Yet another adversarial ML attack: Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed ...
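To make the point concrete: if the "random" order is actually under an attacker's control, the same training set can yield different models. The block below is an added illustration, not code from the post or the paper it discusses. It trains a one-feature logistic regression with plain per-sample SGD on a small constructed data set, once with all class-0 examples first and once with all class-1 examples first, and shows that a probe input is classified differently depending only on the order. The training set, learning rate, and the `class_first_order` attacker helper are all assumptions made for the demonstration.

```python
import math
import random

# Constructed toy training set: (feature, label). Not from the paper.
# The two classes overlap slightly so the last few samples still carry a
# sizeable gradient; that is what lets the ordering leave a mark.
TRAIN = [(-1.0, 0), (-0.5, 0), (0.4, 0), (1.0, 1), (0.5, 1), (-0.4, 1)]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train_sgd(samples, lr=1.0, epochs=1):
    """Per-sample SGD for logistic regression, in exactly the order given.

    Deliberately no shuffling: the caller decides the order, which is the
    knob an order-manipulation attacker turns.
    """
    w, b = 0.0, 0.0
    for _ in range(epochs):
        for x, y in samples:
            p = sigmoid(w * x + b)
            g = p - y            # d(log-loss)/dz for one sample
            w -= lr * g * x
            b -= lr * g
    return w, b


def predict(model, x):
    w, b = model
    return 1 if sigmoid(w * x + b) >= 0.5 else 0


def class_first_order(samples, label):
    """Attacker's ordering (hypothetical): every sample of `label` first,
    the rest afterwards. Same multiset of examples, different sequence."""
    first = [s for s in samples if s[1] == label]
    rest = [s for s in samples if s[1] != label]
    return first + rest


def honest_order(samples, seed=0):
    """The intended 'stochastic' order: a seeded uniform shuffle."""
    out = list(samples)
    random.Random(seed).shuffle(out)
    return out


def ordering_effect(probe=0.0):
    """Train on identical data in two adversarial orders and report the
    learned parameters and the prediction on a probe input."""
    m_zero_first = train_sgd(class_first_order(TRAIN, 0))  # class 1 seen last
    m_one_first = train_sgd(class_first_order(TRAIN, 1))   # class 0 seen last
    m_honest = train_sgd(honest_order(TRAIN))
    return {
        "zero_first": m_zero_first,
        "one_first": m_one_first,
        "honest": m_honest,
        "pred_zero_first": predict(m_zero_first, probe),
        "pred_one_first": predict(m_one_first, probe),
        "pred_honest": predict(m_honest, probe),
    }


if __name__ == "__main__":
    r = ordering_effect()
    for k in ("zero_first", "one_first", "honest"):
        w, b = r[k]
        print(f"{k:11s} w={w:+.3f} b={b:+.3f} predict(0.0)={r['pred_' + k]}")
```

Whichever class the model sees last pulls the bias term toward itself: with class 1 last, the bias ends up positive and the probe at 0.0 is labelled 1; with class 0 last, the bias is negative and the same probe is labelled 0. Nothing about the data changed, only its sequence, which is the capability the attack assumes. The practical check is to treat the shuffle as a security-relevant component: seed it from a source the data pipeline cannot influence, and compare models trained from independent shuffles.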
Purdue University’s CERIAS 2021 Security Symposium – Caroline Wong’s ‘Security Industry Context’
Our thanks to Purdue University’s Center for Education and Research in Information Assurance and Security (CERIAS) for publishing their illuminating security symposiums, seminars, talks, and presentations on the School’s YouTube channel ...
Purdue University’s CERIAS 2021 Security Symposium – Ira Winkler’s ‘You Can Stop Stupid: Human Security Engineering’
Our thanks to Purdue University’s Center for Education and Research in Information Assurance and Security (CERIAS) for publishing their illuminating security symposiums, seminars, talks, and presentations on the School’s YouTube channel ...
The Battle Between Linters, Scanners, and Data Flow Analysis
How to balance accuracy and scan times when it comes to application security tools. When it comes to security tools, you’re typically balancing two things: how much time it takes ...
SAST vs. DAST vs. SCA: A Comparison
There are many application security testing (AST) tools on the market. To describe them, we have several acronyms, including SAST, DAST, and SCA. But what do they mean? In this post, we’ll cover the ...
Open Source Does Not Equal Secure
Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are fickle and busy ...
Security BSides London 2019, Nina Fasel’s ‘My First Program: A Pentesting Tool’
Many thanks to Security BSides London for publishing their outstanding conference videos on YouTube. ...