supply chain foreign made software

Mitigating Third-Party Supply Chain Breaches

The recent SolarWinds data breach was so pervasive it sent shivers through the industry. Who exactly was affected? How deep were the incursions? What are the long-term implications? How will this impact ...
Security Boulevard
Let’s write a CodeXM checker (it’s not rocket science!)

All systems are go. We have liftoff. Let’s write some CodeXM. If you’ve read the previous two posts, you should come away with a sense that writing a CodeXM checker isn’t rocket ...
What’s so special about zero-day vulnerabilities?

You may have heard about the zero-day vulnerability in the Tor Browser that was disclosed yesterday. It’s a big deal, and not just because of the ethics of buying and selling undisclosed ...
Securing applications with Coverity’s static analysis results

This is the third post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in previous posts, ...
CodeXM: Awesome Code Checker Power (Itty-bitty Learning Curve!)

What you need to know, and (more importantly) what you don’t, about the CodeXM checkers. When you develop your software, you may not be aware of what the compiler is doing to ...
Maximizing the impact of static analysis

This is the first post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. Aligning static analysis with development ...
How to help your medical devices meet the UL (and FDA) standard

Any effort to overhaul the cyber security of connected medical devices is likely to take considerable time and energy. Given that many of them are made to last decades, securing them while ...
Golden Cup was a world cup of trouble

Nobody with any connection to, or interest in, the FIFA World Cup can say they weren’t warned. In the days leading up to the quadrennial world championship of European football (or soccer), ...