Dan Kuykendall, Rapid7 – Application Security Weekly #21

Dan Kuykendall is the Senior Director of Application Security Products at Rapid7 where he directs the strategic vision, research and product development for the company’s application security solutions.

DARPA is looking to avoid another version of Meltdown or Spectre

The Defense Advanced Research Projects Agency has contracted Tortuga Logic to develop hardware security tools that use commercial testing platforms to catch vulnerabilities in computer chips before they are deployed, the firm announced. The goal of the contract, awarded by the Pentagon’s R&D arm, is to prevent a repeat of Meltdown and Spectre, the security vulnerabilities revealed in January that affected virtually all modern computer chips. The contract is part of a DARPA hardware and firmware program that strives to make chips more secure at the “microarchitecture level.” DARPA says the program, which is tackling seven classes of hardware vulnerabilities, supports security methods that limit “hardware to states that are assured to be secure while maintaining the performance and power required for system operation.” Tortuga Logic says it can verify hardware security throughout the design process, arguing in a recent white paper that such verification is much more common in […]

The post DARPA is looking to avoid another version of Meltdown or Spectre appeared first on Cyberscoop.


Will it Sell?

Many of us develop things for one of two purposes: to hack something cool, or to sell something cool. When hacking something cool, your target market is yourself, and you already know you’ve made the sale. If your goal is to sell the thing you are making, then a lot more thought and effort is required. You could develop the coolest product in the world, but if your target market is too small, your price is too high, your lead time is too long, or any of a dozen other factors is not quite right, you’ll be spending a lot …


Tech workers are routinely pressured to roll out products that aren’t secure, report says

The majority of tech professionals are pressured to roll out projects before they’ve undergone necessary security audits and hardening, according to a new security pressures survey from the security firm Trustwave. 65 percent of full-time IT professionals said management prioritized speed over security, according to the survey of 1,600 tech professionals from around the world. Worldwide, security is actually on a major upswing in this fight, compared to the 77 percent of IT professionals who felt this pressure in the previous two years. In the United States, however, there has been virtually no change: 71 percent of respondents are pushed to get projects out the door without necessary security checks. Only 35 percent of worldwide respondents said they never faced such pressure. What happens to projects that set aside security in favor of speed? The top two consequences tech professionals fear most from a hacker are personal and corporate reputation damage, followed by financial damage to the […]

The post Tech workers are routinely pressured to roll out products that aren’t secure, report says appeared first on Cyberscoop.


Review: The Architecture of Privacy

About the authors: Courtney Bowman has been working in the data analytics space for the last decade. He joined Palantir Technologies in 2010 as an in-house Privacy and Civil Liberties specialist. Ari Gesher is a technologist and software generalist. He leads software engineering at Kairos Aerospace. John K. Grant is a Civil Liberties Engineer at Palantir Technologies. He served for nearly a decade as an advisor in the U.S. Senate. Daniel Slate worked as an …