Dennis Fisher

It's been more than 10 years now since Microsoft began the initiative that would eventually become Trustworthy Computing, and while the effects it's had inside the company have been well documented, the utility and adoption of the Security Development Lifecycle by outside organizations and customers is less well-known. Several large organizations have adopted the SDL, either in whole or in part, and Microsoft executives say that the effects on these organizations are going to be just as important as they were for Microsoft. Read more »

Google has released Chrome 19 and fixed more than 20 vulnerabilities in its browser, including eight high-risk bugs. The company paid security researchers $7,500 in rewards as part of its bug bounty program, including two rewards for vulnerabilities that applied to Chrome as well as other applications. Read more »

The recent trend of attackers using stolen digital certificates to make their malicious executables look legitimate is continuing unabated, with researchers now having come across a series of variants of the Etchfro Trojan that are using certificates taken from several companies and issued by VeriSign, Thawte and other certificate authorities. Read more »

Just a few days after the company announced that customers would have to pay for security updates to some of its popular products, Adobe officials backed off of that idea and announced that patches for flaws in Illustrator, Photoshop and Flash Professional would be provided after all. Read more »

A group of security experts is working to put together a new global TLD that will require companies and individuals applying for domains to adhere to strict security policies and requirements. The proposed .secure TLD is intended to be a known safe group of domains and would include mandatory use of DNSSEC, TLS for every HTTP session and other security technologies. Read more »

For the second time in less than a week, the developers of PHP have released new versions of the language that include a fix for the remotely exploitable vulnerability that was disclosed last week. The group is encouraging users to upgrade to PHP 5.4.3 or 5.3.13 immediately.  Read more »

Adobe has released patches for a series of vulnerabilities in its product line, including Photoshop, Illustrator, Flash Professional and Shockwave. Several of the vulnerabilities can be used to take complete control of affected machines. Read more »

The PHP Group on Tuesday is planning to release another new version of the scripting language that's designed to address, again, the remotely exploitable flaw that came to light last week. That bug, which requires no authentication, was supposed to have been fixed in new releases pushed out on May 3, but they didn't completely address the problem. Read more »

Apple has patched several serious security bugs in iOS with the release of version 5.1.1 of the mobile operating system. The most serious of the security vulnerabilities could be used for remote code execution. Read more »

Adobe is working on a new version of the Flash player software that will include some upgraded security features, most notably a sandbox for Flash running on Firefox. The beta version of Flash that includes the sandbox for Firefox is available for users now. Read more »