
Posts Tagged ‘coding’


New Book Released: Secure Coding in C and C++, Second Edition

This book identifies the root causes of today’s most widespread software vulnerabilities, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.


Security is Inconvenient, Deal With It!

“ZD Net had an article entitled “Kernel vulnerability places Samsung devices at risk” and I thought “so, what's new” until I followed the link to the forum post on xda-developers. Then I just lost it because I'm certain that this is a result of plain and simple laziness. Here are my arguments for why I think it's laziness: First, This is Samsung we're talking about here….”


Cyber espionage threats against Australia rise: ASIO

“Cyber terrorism and espionage have been highlighted as growing threats to Australian organisations and government departments, according to a new annual report by the Australian Security Intelligence Organisation (ASIO). The Annual Report 2011-12, which was tabled in the federal parliament this week, found that ASIO completed more than 150,000 counter terrorism security assessments during the reporting period. Emerging technology and an Internet-connected world offer new avenues of espionage, read the report….”


Buggy out the Door: Externally Discovered Defects (EDD)

“Are your customers, or more broadly 3rd parties, finding more bugs in your code than you are? Are your development organizations releasing code that has poor quality stamped all over it? Recently I saw a report that had this graphic in it, and my mind wandered a little….”


Software Security Assurance: Figuring Out the Developers

“Lately, this blog has been all abuzz with DevOps, cloud topics and enterprise resiliency. Today I wanted to take us back to where this blog started – App Security. Sometimes you hear someone say something so controversial it sounds ridiculous, and your first reaction is ridicule and dismissal….”


Detecting Unknown Application Vulnerabilities "In Flight"

“Deploying code faster, on the order of multiple times per day, is the essence of the modern ultra-agile enterprise. Nick Galbreath who works over at Etsy talks about this quite often, so much so that his latest presentation on SlideShare caught my attention….”


Making Things Worse by Asking all the Wrong Questions

“If you missed THOTCON 0x3 and Chicago's Security BSides I will tell you, as will others, you missed a pair of events that were cross-sectional to how Information Security is evolving. The two conferences were back-to-back and mixed technical presentations with accessible speakers to try and continue to build a sense of community in sweet home, Chicago….”


What's Going Right with Your Secure Development Efforts?

“Consider this: If the number one job of a security professional is to place a developer's code under a microscope and highlight each and every flaw, you can appreciate why there may be some tension. The majority of solutions used by security professionals to test developer code only offer assessments of what they did wrong….”


Secure Now or Forever…

“To the non-security community it must appear that the bad guys are smarter and more organized than the security professionals, and that may be because: The 'Good' are talking about security, acting in silos and creating bloated security frameworks that measure controls but not risk; The 'Bad' are acting to get results, getting better at it and getting better outcomes; The outcome is just plain Ugly. Is Rhetoric bad? It can be if it does not spark the required actions….”


CERT Oracle Secure Coding Standard for Java Book Published

The CERT Oracle Secure Coding Standard for Java has been published by Addison-Wesley Professional.
