Which Tastes Better for Security, Java or .NET?

In his blog, Gartner analyst Neil MacDonald asks the question, “Is .NET More Secure Than Java?”. Veracode provided data to help answer this question from our “State of Software Security Report” which contains the static analysis results from 1591 Java, .NET and C/C++ applications. .NET comes out slightly ahead. …the vulnerability density (average flaws per […]

HTML5 Security in a Nutshell

Lots of people have been asking us for opinions on HTML5 security lately. Chris and I discussed the potential attack vectors with the Veracode research team, most notably Brandon Creighton and Isaac Dawson. Here’s some of what we came up with. Keep in mind that the HTML5 spec and implementations are still evolving, particularly with […]

MC Frontalot Releases “Zero Day”

“Zero Day” the album that is. Wired has a review. You can read the full lyrics on Frontalot’s site. Here is a snippet: Press play, prepare as history is made: “largest hack in one day,” all the headlines will say. All out of time, hear the chime from the buzzer. Found this bug on my […]

Malicious Mobile Code Meets Exploit Selling

I’ve been focused on conducting research into the mobile spyware arena these last few months and the results have been very interesting. As I’m sure you are aware, I released a fully functional piece of Blackberry Spyware called txsBBSpy at the Shmoocon security conference in February 2010 and have done a number of interviews and […]

Veracode at RSA 2010

Here’s a quick post to let you know all the places to get your Veracode fix at RSA Conference 2010. On the Expo floor, we’ll be in booth 729. I’ll be at the booth for a few hours on Tuesday and Wednesday. Stop by if you’d like to talk about our service offerings, get a […]

Mobile Malware Counterpoints

There have been a lot of great articles written in the wake of my presentation on Mobile Spyware at Shmoocon 2010. Many of them show wonderful insight into the problems that mobile carriers and owners of the mobile applications stores are facing. However, for every handful of great articles, we occasionally come across a technical […]

In Which We Dispel Misconceptions

Some of the media coverage to date has described Tyler Shields’ proof-of-concept spyware as a “BlackBerry hack”, much to our chagrin. In this blog post, we’d like to clarify some of the misconceptions that have surfaced both in the media and in the BlackBerry user community. Feel free to post additional questions in the comments […]

Is Your BlackBerry App Spying on You?

[UPDATE, 2/10/2010: We've written a follow-up blog post to address some of the questions and misconceptions we've been seeing.] Tyler Shields gave a presentation earlier today at ShmooCon 2010 on the threats of mobile spyware, particularly as it relates to data privacy. Smart phones and mobile applications have grown tremendously popular over the past couple […]

Mobile App Security

Neil MacDonald at Gartner asks the question, “Why Don’t Mobile Application Stores Require Security Testing?” I couldn’t agree more that we may be missing an opportunity to bring whitelisting to these new important mobile platforms. We need to leave the “detect and revoke” mentality of the PC world behind as we move to new platforms. […]

Google Admitting Compromise Good News

I applaud Google for coming forward and letting the world know about how they were attacked and what the attackers were after. Secrecy only helps the offense. Most of the time we only hear about attacks when there is public evidence such as a defaced web page, screen shots sourced from the attacker, or there […]
