Is it Wrong to Assume Software Should be Secure? Part 4 of Talking Code

Where does the responsibility of securing software lie, with vendors or their customers? Ultimately once customers start consistently asking for security, it’s a feature that should be delivered like any other. So what does this mean for all of us? Demand security, trust but verify and hold companies accountable for the quality of the products they sell.

Veracode’s VAST Program Named a Finalist at the Financial World Innovation Awards

Veracode’s VAST Program Named a Finalist in the Financial World Innovation Awards for the Most Innovative Financial Services Solution.

The Veracode Vendor Application Security Testing (VAST) program has been named a finalist in the Financial World Innovation Awards in recognition of its ability to deliver a solution to the complex problem of third-party application security in the category of “Technology vendors – Most Innovative financial services solution”.

After Ten Years, Cracks In Microsoft’s Patch Program

Do Microsoft’s recent patch woes portend deeper problems with the security team in Redmond?

It has been quite a while since I wrote, critically, about Microsoft’s patch program, but the company’s latest patch woes have me a bit concerned.

OWASP Top Ten 2013

The Open Web Application Security Project (OWASP) was started in 2001 with the avowed mission of ‘making software security visible, so that individuals and organizations worldwide can make informed discussions about true software risks.’ Since then OWASP’s influence has grown to the point that its Top 10 project is referenced by many standards, books, tools, and organizations, including MITRE, PCI DSS, DISA, FTC and more.

Bullrun And The NSA’s Game of Thrones

Of all the startling revelations to come out of the NSA’s efforts to collect and monitor Internet communications, its apparent manipulation of standards backed by the National Institute of Standards and Technology is the most shocking yet.

Safety and Security of the Software in Cars: Talking Code Webisode 2

Episode two of Talking Code featuring Chris Wysopal, Joshua Corman, and Paul Roberts is available today.

The trio talks automobile safety and the divide between safety and security. Says Chris Wysopal: “the difference between safety and security is that in security there is an adversary.” How does he elaborate on this? Watch the video to find out.

Mobile Apps: Unsafe At Any Speed

Mobile device security is more important than features (and other lies we tell ourselves).

I’ve been writing about the security woes of Android, the world’s most popular mobile operating system, for a couple years now. And, during that time, Android adoption has only accelerated.

Security Training: Every Other Person You Meet is Below Average

At nearly every position we hold over the course of our careers, we end up performing tasks beyond those in which our strengths lie. Rarely do we stop and consider the inside threat we pose to our respective organizations due to a lack of proper security awareness in the areas we serve. Join Andrew Reifers as he embarks on an entirely unique version of threat modeling.
