In their latest OS release, iOS 7, Apple allows for a number of mechanisms to share data, in the form of either files or streaming data. Two of these mechanisms highlight some of the different design choices Apple has made and will likely continue to make in the SDK.
The annual Consumer Electronics Show kicks off in Las Vegas next week. With rivers of ink spilled on cool, new “smart” products, here are five impertinent security questions that no vendor wants to be asked.
The Consumer Electronics Show (CES) kicks off today in Las Vegas. This year’s show is expected to draw some 150,000 attendees from 150 countries.
This holiday season at Veracode wasn’t just spent at a computer like any other day. It’s the time of year that the generosity of its employees shines by making Christmas magical for children in need. Although this is not the first time Cindy Conrad of Veracode has worked with the Department of Children and Families (DCF) based in Malden, MA, it is the first year Veracode has partnered with them to make a memory for those children, and what a memory it is!
Christmas 2013 will be a banner year for the Internet of Things, as smart gadgets appear like mushrooms under the Christmas tree. But get ready for a privacy hangover, as poorly designed and insecurely deployed gadgets turn on their masters.
Just in time for the holidays, I received an e-mail by way of Electric Imp. If you’re not familiar with the “Imp,” (my phrase, not theirs), it’s a [PAAS?] that makes it easy to build and connect smart devices.
In this series, we’ve advocated that Application Security is best pursued as a sustained, policy-driven program that employs proactive, preventative methods to manage software risk. This Maturity Curve model has been validated by Veracode using the real world results of hundreds of organizations. They have learned that the key to positive return on investment is to start small and scale up over time with each milestone.
So you’ve got upper management buy-in for your application security proof of concept and are ready to start scanning applications: how do you make sure your proof of concept (PoC) is a success and that you demonstrate the need to progress to a full-scale program? This article describes some of the lessons learned at the start of our large-scale deployment of Veracode within our organisation.
The first step is to socialise the PoC internally through word of mouth, discussion forums, and developer communities by driving interest in the availability of a new tool for developers, which will assist in the development process and produce better code.
A group of leading banks, insurance, and mortgage companies including Aetna, Goldman Sachs, JP Morgan Chase, and Citi (among others) recently crafted recommended controls for addressing third party software security in the paper, “Appropriate Software Security Control Types for Third Party Service and Product Providers.” This paper acknowledges that conventional third party controls are no longer sufficient to cover the ever-expanding attack surface presented by web, mobile, and desktop applications developed by third party software suppliers. Further, this group offers three controls for addressing the risk posed by this third party software.
Businesses run on software; it gives us the features and functions needed to make our teams more productive. However, these applications and providers build, maintain, and host critical systems as well as high risk data and need to apply the same controls we use. Financial Services are inherently accountable for the risk from vulnerabilities in the software that serves our customers and employees. Too few enterprises have adapted to the growing attack surface of web applications by addressing vendor software security.
Golang is a new open source programming language that is growing in popularity. Since I am getting bored of Python, I decided to begin studying it. While I’m really enjoying it as a language, I was completely caught off guard when I started reading about Golang’s built-in HTML templating package. I noticed in their […]
Pen testing? Vulnerability scanning? The U.S. Senate's newest member shows that he can ask the tough questions on privacy and data security. It’s about time.
The technical aptitude of our elected representatives – or the lack of it – is so pronounced that it has become the butt of jokes. Long after the late Alaska Senator Ted Stevens inaptly likened the Internet to a “series of tubes” in 2006, congressmen and women continue to exhibit head-slapping ignorance about topics (like online advertising) that (in theory) they are making laws to govern.