What Microsoft's Agile Development Plans Mean for Application Security

Waterfall development has been a staple of technology's largest software houses for decades, but now even the most blue-chip tech firms are considering more nimble approaches. Agile development has proven its power over the past few years, and Microsoft looks to be shifting its development process to take advantage of its benefits — including the fact that it provides an opportunity for CISOs to easily integrate security testing into their development processes, ensuring their apps are as secure as possible in a time when information security is only growing in importance. A More...


Want a Powerful Culture of Security? Communicate "the Why"!

This post was jointly authored by Vivian Vitale, EVP of Human Resources, and Maria Loughlin, VP of Engineering at Veracode. What is a culture of security? Can you impose one? Does it evolve? What are the elements that make it stick? As leaders at Veracode, where security is job #1, we challenge ourselves with these questions. We represent two different functional perspectives: the human-resources lead and the engineering lead. We both come from companies deeply rooted in security, whether we're talking products or services (or both). Together, we have learned that multiple cultural...


How Medical Services Can Close the Gap in Healthcare Security

Personally identifiable information (PII) is rapidly becoming a hot commodity for cybercriminals, since it lets them file false tax returns and create fake credit-card accounts. But the most valuable PII? Healthcare data. Once compromised, thieves can use this data to claim medical benefits and obtain prescription drugs. According to Healthline, healthcare security took a beating last year, with 44 percent of total identity breaches targeting the medical-services industry. As noted by Modern Healthcare, more than 12 percent of all Americans have suffered some kind of healthcare-related...


Google Chrome Apps: A Modern Way to Build a More Secure Web

Browsers are a common method for users to access apps and services. Even heavily mobile-centric apps (such as Instagram) are launching complementary browser versions. If you're thinking of developing a Web app, check out Google's new Chrome App model. Boasting an array of security features, the model will enable developers to build browser apps that have the security and native look and feel of regular desktop apps and deploy them over multiple platforms simultaneously. Web Apps with Native-like Security Just like regular Web apps, Chrome Apps are written in HTML5, JavaScript and CSS...


Karma Chameleon: Actual Advice for Women in Tech

When it comes to women in tech, how about some advice that stands out for the right reasons? Last week I attended the Grace Hopper conference to proudly watch my sister, Anne Condon, receive the ABIE Technology Leadership award. At the conference keynote I had a front-row seat for Microsoft CEO Satya Nadella’s astonishing interview. Surrounded by 8000 inspiring female computer scientists, I heard his now-infamous comment: “It’s not really about asking for the raise, but knowing and having faith that the system will actually give you the right raises as you go along...


How to Improve Cloud Computing Security Across an Enterprise

Since its inception, cloud computing has had the reputation of being high-risk when it comes to information security — and, according to a new study, that's still a problem. Enterprises looking to the cloud as a way to increase their agility or cut costs should be aware of these issues; in addition, CISOs have to understand the methods at their disposal that enable them to mitigate risk to data that's stored or processed in the cloud. Security and the Cloud Forbes' report on a new study highlights alarming cloud computing security trends in the health-care industry. The...


The Agile Dope Slap

Here's the truth: Agile is not a panacea, particularly when you're working with multiple Scrum teams on various continents with unavoidable interdependencies. That said — in the context of Winston Churchill's claim that "democracy is the worst form of government except all those other forms that have been tried from time to time" — Agile is the worst form of software development, except all those other forms that have been tried from time to time. As we struggle through some of the challenges of scaling this method (and they're real; read Gary Gruver'...


The OCC Returns: New Merchant Processing Rules

When your industry builds software or handles money electronically, standards are perhaps best filed under the "necessary evil" banner: No matter how out of touch they may seem — or what a pain they may be to people on the back end — they're created to help end users who put the money there to begin with, and that makes them worth following. Which is why the recent revision of the Comptroller's Handbook Booklet by the Office of the Comptroller of the Currency (OCC) is so crucial to all companies involved in the merchant processing spectrum. With its 86 pages of...


The Heartbleed Vulnerability: Healthcare's Chronic Problem?

Heartbleed. Back in April, this bug was on the radars of companies across the globe. Large corporations struggled to find and patch systems and ensure no critical information was compromised. Not all succeeded: The Canada Revenue Agency had 900 social insurance numbers lifted from its database. When the dust settled, many companies went back to business as usual — but that doesn't mean the Heartbleed vulnerability is behind us. Look at the problems it is causing for healthcare companies. Ouch! According to CSO Online, Community Health Systems (CHS) was victimized by the CVE-2014-...


To Customers, Security Compliance Is Cool — Take It from Dr. Evil

So, you're thinking about upgrading your security program? What's stopping you? Not only could you be getting hacked as you read this, but your security compliance could be selling your product to customers who are considering purchases. Many companies still aren't compliant with the PCI Security Standards Council's latest standards in Web app security, including 42 percent of businesses that handle up to one million Visa transactions per year. How can following the rules make you stand out from the crowd? Yo! Can't We All Get Along? In the post-Heartbleed world of...
