This post is the third in a 4-part series on Application Security, or “AppSec”. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.

By Fergal Glynn

This series began with a general definition of Application Security (“AppSec”) as a fundamental infosec practice that addresses the reduction of both immediate and systemic software risk. When undertaken correctly, AppSec takes a systematic, programmatic approach to hardening business-critical software from the inside. That’s not to say that organizations must over-invest in an advanced program from the start to be effective – in fact, quite the opposite.
Browsing Category: Compliance
UPDATE: Security researchers are warning about the risk posed by an embarrassing security hole in industrial control software by the firm RuggedCom. A hidden administrative account could give remote attackers easy access to critical equipment that is used to manage a wide range of critical infrastructure, including rail lines, traffic control systems and electrical substations.
Data from the Massachusetts Office of Consumer Affairs & Business Regulation (OCABR) shows that 3.2 million residents – almost half the population of the state – have been the victim of a data breach in the last four years.
A long list of security, networking and computer science experts have signed a letter sent to lawmakers on Monday, asking them to drop support for CISPA and other proposed cybersecurity bills because they consider the measures overly broad and say they would infringe on users’ privacy and civil liberties. The group, which includes Bruce Schneier, Peter Neumann and others, said the bills’ focus on allowing the sharing of users’ traffic with government agencies would “unnecessarily trade our civil liberties for the promise of improved network security.”
Search giant Google said it is quintupling the top bounty it will pay for information on security holes in its products to $20,000.
Editor’s Note: This post is the second in a multi-part series on Application Security, or “AppSec”, prepared by our friends over at application testing firm Veracode. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.

By Fergal Glynn, Veracode Inc.
A South Carolina man was arrested yesterday on charges stemming from a data breach that may have leaked personal information on more than 200,000 Medicaid beneficiaries in the state, including their names, phone numbers, addresses, birth dates and Medicare ID numbers according to a report in the newspaper The State.
Estimates of the extent of cyber crime are hopelessly overblown, two computer security researchers argue in an editorial from Sunday’s New York Times.
How to Avoid Getting Hacked While Traveling

Researcher Justin Morehouse has logged more than 100,000 miles to eight countries in the last year. His message: business travelers are at greater risk of being hacked than ever before, especially when it comes to smart phones and tablets. Now the security expert has distilled his research and first-hand experiences into some sage advice for travelling executives and VIPs. Here are eight ways you can protect yourself abroad.
Industrial control system vendor Koyo moved to fix vulnerabilities in its ECOM brand programmable logic controllers (PLCs) after researchers, in January, revealed that the devices were vulnerable to brute force password guessing attacks.