Musings on Custer’s Last Stand

Let’s not mince words: this rambling diatribe from Oracle’s CSO is aimed directly at Veracode. No need for a cutesy acronym; we’re the only company with true static binary analysis technology, delivered as a service. Now that we’ve got that out of the way, let’s try to cut through the rhetoric (in just over a […]

When In Rome (Or When At Caesars…)

It’s that time of year again… A time when all the most interesting people, ideas, concepts, and attacks are on display in Las Vegas. That’s right, we are talking about Blackhat USA and associated conferences. Every year about a week before conference time, all the security analysts, researchers, and talking heads begin to espouse their […]

Call For Papers on Software Static Analysis

Call for Papers IEEE Security & Privacy Software Static Analysis Abstract submissions due: 15 Aug. 2011 Final submissions due: 15 Sept. 2011 Publication date: May/June 2012 Secure and reliable software is hard to build, but the costs of failure are steep. Data breaches caused by attackers exploiting vulnerabilities in software made many headlines in 2011 […]

THE Security Problem is Scale

Rich Mogull talks about real world IT security challenges today in his column, “Simple Isn’t Simple” in Dark Reading. I agree 100%. One of Rich’s points is that security has to scale or it doesn’t solve the real world problem. In most cases we know how to solve a security problem for a single instance […]

“We Don’t Sell It? Then It’s Not Important”

[UPDATE: Since there seems to be some confusion, the "We" in the title of this post is NOT "Veracode". The expression is a generic one intended to illustrate the attitude exhibited by many companies who like to downplay the value and/or effectiveness of technologies that they themselves do not sell. I can't believe I am […]

Mobile Security – Users Just Don’t Care

It’s not that users “don’t want to keep their data safe”. They do. Most corporate users don’t want their personal or corporate private information available to someone else. They don’t want their email stolen or their contacts pillaged. So why do people insist on ignoring the multitude of security recommendations on how to have a […]

Possible PlayStation Network Attack Vectors

Over the last few weeks there’s been a lot of commentary around the breach of Sony’s PlayStation Network. Sadly, there has been no good discussion of how PSN was breached. What this breach means for Sony is largely defined by how it happened. Before we get to that though let’s go over a quick timeline […]

Buffer Overflows in SCADA ActiveX Controls Put Critical Infrastructure at Risk

Following the industrial control system attack on Iran’s nuclear facilities dubbed Stuxnet, vulnerability researchers have intensified their scrutiny of the software that runs these industrial systems, known as SCADA systems. The results are unsettling. Given the danger of vulnerabilities in the software that controls power and water systems and industrial plants, you would expect vulnerabilities […]

State of Software Security, Volume 3

It’s here! Data junkies rejoice! Today we’re proud to release the third volume of our semi-annual State of Software Security report. This edition incorporates data from 4,835 applications analyzed via our cloud-based platform over the past 18 months. After lots of number crunching and a fair amount of head scratching, we’ve unearthed some intriguing findings […]

Mobile App Privacy Continued…

[UPDATE! April 15: Pandora removes all advertising libraries from its Android and iPhone apps!] The blog post we made earlier this week entitled, Mobile Apps Invading Your Privacy, gives detail around the information being requested by the advertisement libraries embedded inside a popular online radio application. There have been a number of great posts and […]
