Compliance

May 17, 2012, 9:00AM

A CISO's Guide To Application Security - Part 5: Justifying an Investment in AppSec

This post is the last in a 5-part series on Application Security, or “AppSec”.

By Fergal Glynn

This blog post series has examined the growing threats to software, defined the components of a sound AppSec program, described an evolutionary path to AppSec maturity, and considered a number of tools and technologies worthy of investment. Ultimately, it is the responsibility of the Chief Information Security Officer (CISO), or equivalent, to mitigate the enterprise's level of software risk as part of a comprehensive infosec strategy. In this, the final post in the series, let's review the return on investment possible from a sound AppSec program, including ways to build a business case for further investment in this critical IT security discipline.


May 16, 2012, 9:03AM

DHS Warns About Threat Of Mobile Devices In Healthcare

In a bulletin, the Department of Homeland Security (DHS) is warning healthcare organizations about the threat posed by insecure, network-attached medical devices and the proliferation of smartphones, tablet PCs and other mobile devices in medical settings.


May 14, 2012, 2:37PM Around the Web

DoD Program Expanded, Designed to Share Threat Information

The Pentagon on Friday invited a slew of government contractors to meet and share classified information on cyber threats, part of an initiative that the department hopes will reduce the risk of intrusions into government systems.


May 14, 2012, 1:27PM

Cyber Security Index Highlights Political Threats, Business Partner Risk

The first annual Index of Cyber Security finds that senior security officers are more concerned than at this time last year about the risk of cyber attack and other online risks, with concerns about ideologically motivated hacktivists and the threats posed by business partners and other "counterparties" topping the list.


May 11, 2012, 8:54PM

Facebook Open to Comments on Proposed Privacy Policy Changes

Facebook today announced proposed changes to its privacy policy that may better explain how it uses cookies and how long it retains your data, which is: "as long as necessary." In addition, it wants the option to use your data for advertising on third-party Web sites.


May 11, 2012, 12:19PM

CERT Warns On Critical Hole In SCADA Software By Italian Firm Progea

The U.S. Department of Homeland Security issued a bulletin on Thursday warning readers about a previously undisclosed, critical vulnerability in Movicon 11, a product used to manage critical infrastructure in the manufacturing, energy and water sectors, among others.


May 7, 2012, 2:47PM Around the Web

Report: Google Negotiating with FTC over Apple Safari Privacy Breach

Search giant Google is in negotiations with the U.S. Federal Trade Commission (FTC) over the size of the fine it will pay after the company was found to have circumvented privacy controls in Apple's Safari browser earlier this year.


May 7, 2012, 10:00AM

A CISO's Guide To Application Security - Part 4: Weighing AppSec Technology Options

This post is the fourth in a 5-part series on Application Security, or “AppSec”. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.

By Fergal Glynn, Veracode

As we have examined in this series, the information security practice called Application Security (or "AppSec") seeks to protect all of the software that runs a business. It has three distinct objectives:
1) Measurable reduction of risk from existing applications
2) Prevention of the introduction of new risks
3) Ensuring compliance with regulatory mandates


May 2, 2012, 12:23PM

Citing Terms Of Service, Google Takes Down Blog Of Iranian Security Researcher

An Iranian man who revealed a vulnerability in a widely used point-of-sale (POS) system in Iran had his blog taken down by Google, which cited violations of its Terms of Service.


April 30, 2012, 2:33PM

Proposed Law Could Make It Illegal To Demand Access To Social Media Accounts

A new bill introduced in the U.S. House of Representatives would make it illegal for employers and other institutions to require social media passwords from their employees.



Copyright © 2012 threatpost.com