Software Assurance News, Articles and Updates
Microsoft officials credit more robust software security design with a diminished number of bugs garnering the tech giant's most severe rating.
Software flaws provide the attack vector of many of today's largest breaches, and organizations must work to rectify those weaknesses.
Security professionals should find little comfort in the announcement over the weekend that LulzSec was folding up shop following an unprecedented, two-month-long hacking spree that left a trail of disruption and embarrassment across multiple industries.
The Software Assurance Forum for Excellence in Code (SAFECode), a nonprofit seeking to advance software assurance, released on Tuesday an updated guidance document outlining the most effective secure development practices in use today. The free report builds upon the first edition by including verification methods and tools that can be used to confirm whether development teams have followed prescribed practices. The report is intended to help organizations initiate or improve their own software security programs and encourage industry adoption of secure development methods. - AM
Much of the software that the U.S. government is running can be successfully exploited, said Dan Shoemaker, professor at the University of Detroit Mercy, at SC World Congress last week.
As part of its twice yearly cycle of advisories, Cisco on Wednesday issued six advisories covering various components of its switches and routers. The fixes include vulnerabilities in Cisco voice products, as well as denial-of-service holes in Cisco IOS and IOS XE software, which can be exploited remotely without authentication and without end-user interaction. Cisco said that an attacker could possibly leverage some of these vulnerabilities to crash its router. The company's next update is scheduled for March 23. - GM
2010 is on pace to become a record-setting year for software vulnerabilities, and third-party applications that are not properly patched are a major blame, according to a new Secunia report.
The Software Assurance Forum for Excellence in Code (SAFECode), a nonprofit seeking to advance software assurance, on Monday released a new report that offers recommendations for avoiding vulnerabilities in the software development process. The free report, titled "An Overview of Software Integrity Controls: An Assurance-based Approach to Minimizing Risks in the Software Supply Chain," provides best practices areas such as contract agreements with suppliers, source code repositories and confirming received goods are not counterfeit. The report complements SAFECode's integrity framework. — DK
SC Magazine Articles
- WordPress Summer of Pwnage: 64 holes in 21 days
- Deal with the devil: Ransomware experiment proves you can negotiate price down
- 2.3 million 'Warframe,' 'Clash of Kings' accounts compromised
- Microsoft EOP exposes users to data breaches, whitepaper
- WhatsApp in the spotlight after Turkey publishes messages of coup officers
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Hard Rock Hotel & Casino Las Vegas hit with POS breach
- X-ray and MRI machines among devices used as springboards for data breach attacks
- Hacker purportedly selling over 650,000 stolen medical records on dark web marketplace
- Wi-Fi warning! Study finds U.S. unaware of public Wi-fi risks
- Russian hackers take the stage at DNC convention
- TSA master key hackers expose dangers of physical and digital key escrow policies
- Patchwork cyberespionage campaign branches out to strike businesses
- Proliferation of hacker culture helped keep Anonymous from being branded terrorist org
- SC wins three top national honors from ASBPE