Endless Summer: Hacker Cons Ride Wave of Third-Party Software Holes

OpenSSL set the stage, but at this week’s Black Hat and DEFCON conferences, researchers will bring down the house on third-party code. We didn’t need the Black Hat and DEFCON hacker conferences to make us aware that vulnerabilities in third-party software were a major security concern – for software vendors and their customers. The “Heartbleed” […]

How to Choose the Right Software Suppliers

When you think about securing your software supply chain, don’t reinvent the wheel: you can learn a lot from initiatives like the “green” supply chain. When undertaking something as momentous as driving a new buying criterion into the purchase of software, enterprises would be advised to start practically, by choosing suppliers who are already building […]

Yo, A Cautionary Tale for the VC Community

By Chris Lynch, Partner, Atlas Venture. The story of Yo will be used as a cautionary tale in the VC community for years to come. Only a few days after receiving a much-talked-about $1.2 million in series “A” funding from angel investor and serial entrepreneur Moshe Hogeg, Yo suffered a massive security breach. […]

VerAfied Feature – Security: the ugly secret at the heart of #eventtech?

This blog post was originally published by GenieConnect at http://www.genie-connect.com/blog/security-the-ugly-secret-at-the-heart-of-eventtech. GenieConnect joined the ranks of our VerAfied secure software directory in June of this year using our static binary analysis service. We’re excited to see and supportive of GenieConnect’s decision to make the security of their software and users a priority. If you’re short of […]

Just Another Web Application Breach

Another day, another web application breach hits the news. This time ITWorld reports “Hackers steal user data from the European Central Bank website, ask for money.” I can’t say that I’m surprised. Although vulnerabilities (SQL Injection, cross-site-scripting, etc.) are easy for attackers to detect and exploit, they are still very common across many web applications. […]

For Java: I Patch, Therefore I Am?

Oracle’s Java platform is so troubled the question is whether to patch it, or kill it off. Oracle Inc. released its latest Critical Patch Update (CPU) on Tuesday of last week, with fixes for 113 vulnerabilities spread across its product portfolio, including 29 for Oracle’s Fusion Middleware, and 20 for the troubled Java platform. The […]

Introduction, or How Securing the Supply Chain is like “Going Green”

Application security is, as any practitioner will tell you, a hard technical and business problem unlike any other. The best advice for successfully securing software is usually to avoid thinking about it like any other problem — software security testers are not like quality assurance professionals, and many security failures arise when developers think conventionally […]

Is It Time For Customs To Inspect Software?

The Zombie Zero malware proves that sophisticated attackers are targeting the supply chain. Is it time to think about inspecting imported hardware and software? If you want to import beef, eggs or chicken into the U.S., you need to get your cargo past inspectors from the U.S. Department of Agriculture. Not so hardware and software […]
