AppSec Is Dead, but Software Security Is Alive & Well

Everyone agrees that an enterprise’s application ecosystem must be protected, especially when data breaches are reported with alarming frequency and the average total cost of a breach comes in at $3.62 million. However, defeating increasingl…

Checkmarx Report: Tackling Software Exposure in the DevOps Cycle

Today, in an effort to better understand the evolving nature of software delivery and the role security plays, we released a new report, “Managing Software Exposure: Time to Fully Embed Security into Your Application Lifecycle,” which we com…

Dean Coclin, DigiCert – Paul’s Security Weekly #569

Dean Coclin is the Senior Director of Business Development at DigiCert. Dean brings more than 30 years of business development and product management experience in software, security, and telecommunications to the company.

Rise of Application Security – Application Security Weekly #00

Paul and Keith host the first show of Application Security Weekly! Today, they discuss the brief history of application security, software, and software security! With application security on the rise, hackers and attackers over time have evolved into …

Predicting 2018: Manufacturers Shift to Hardware Security

The market for cybersecurity is getting more saturated by the hour. Companies and products keep popping out of the woodwork, claiming to provide new flavors of security that Keep You and Your Data Safe! A few of these solutions are good. Most of them a…

New tool can help prevent government-mandated backdoors in software, Swiss researchers say

A new framework from a lab in Switzerland could help prevent malware like Petya from spreading, but would also make it difficult — if not impossible — for governments to force software companies to deliver backdoored software updates in secret. The Petya ransomware, and its wiperware variant NotPetya, spread on the wings of a software update unwittingly issued by Ukrainian accounting software company M.E. Doc. An attacker, who many believe to be agents of the Russian government, owned M.E. Doc’s network and injected malicious code into a legitimate software update. This new proof-of-concept technology, dubbed “Chainiac” by the Decentralized/Distributed Systems (DEDIS) lab at the Swiss Federal Institute of Technology in Lausanne (EPFL), offers a decentralized framework that eliminates such single points of failure and enforces transparency, making it possible for security analysts to continuously review updates for potential vulnerabilities. “What Chainiac is trying to do,” Bryan Ford, leader of the group that […]

The post New tool can help prevent government-mandated backdoors in software, Swiss researchers say appeared first on Cyberscoop.


Bug Hunters Prefer Communication Over Compensation

Results of an NTIA survey published today show that researchers prefer open communication with vendors over financial compensation when it comes to vulnerability disclosure.

Oracle EBusiness Suite ‘Massive’ Attack Surface Assessed

Oracle bug hunter David Litchfield scoured Oracle EBusiness Suite looking for vulnerabilities and shared what he found during a Black Hat talk.

Kaspersky Lab Launches Bug Bounty Program

Kaspersky Lab today at Black Hat USA 2016 announced the launch of a public bug bounty, one of the few offered by a software vendor in the computer security industry.