Weekly News Roundup

Happy Friday all, and I hope everyone had a great week. Here are the top headlines from this past week in the security world. Enjoy!

Cyber Security Index: “Cyber Security Index Highlights Political Threats, Business Partner Risk” by Paul Roberts (@paulfroberts). This article from Threatpost looks at this year’s Index of Cyber Security score of 1292, which is 292 points higher than when it was introduced last April. The Index was created by Dan Geer and Mukul Pareek in an attempt to gauge the level of perceived cyber risk and concern based on surveys conducted amongst cyber …

Privacy and Confidentiality on the Eve of the Facebook IPO

Tonight is the last night that Facebook will be a privately held company. In the morning, Facebook shares will hit the market and there will be a feeding frenzy from investors worldwide. Stock buyers will put up somewhere near 16 billion (yes, with a “B”) dollars to own a portion of the social networking behemoth. However, the Veracode blog isn’t a stock trading or business blog; it’s a security blog. The real concern with Facebook for us security practitioners is a lack …

Interview with Dan Guido at SOURCE Boston 2012 – Part 3

In this, our third and final interview segment with Dan Guido, Co-Founder and CEO of Trail of Bits, Dan talks about how organizations should prepare to face security threats, and attack vectors that pose the greatest threat to enterprises today. Watch the interview.

Veracode’s Chris Wysopal Appointed to Black Hat’s Content Review Panel

We were very excited and honored to announce that our own CTO and Co-Founder, Chris Wysopal, had been appointed to the Black Hat Review Board, where he will advise Black Hat on its strategic direction, assist in reviewing and programming conference content, and provide extended reach into the research community. According to Trey Ford, General Manager of Black Hat, Chris’s appointment reflects his long-standing contributions to Black Hat as well as his stature as an influential subject matter expert in the industry. A prestigious group, the review board is composed of 21 experts from many …

Interview with Dan Guido at SOURCE Boston 2012 – Part 2

In this second segment of the interview with Dan Guido, CEO and co-founder of Trail of Bits, Dan focuses on vulnerabilities in mobile devices, and shares the outcome of his research findings that he presented at SOURCE called “Mobile Exploit Intelligence Project”.

What is Data Integrity? Learn How to Ensure Database Data Integrity via Checks, Tests, & Best Practices

Data integrity is a fundamental component of information security. In its broadest use, “data integrity” refers to the accuracy and consistency of data stored in a database, data warehouse, data mart or other construct. The term – Data Integrity – can be used to describe a state, a process or a function – and is often used as a proxy for “data quality”.

Data with “integrity” is said to have a complete or whole structure. Data values are standardized according to a data model and/or data type. All characteristics of the data must be correct – including business rules, relations, dates, …

Weekly News Roundup

Happy Friday all! Make the day go by a little faster by taking some time out to catch up with a few highlights from this week’s news stories:

Twitter In The News: An interesting occurrence with Twitter this week was the supposed hack that resulted in the posting of over 50,000 user names and passwords online. An initial report by John Mello in PC World reported that “some of the accounts are duds created by robot programs.” Jay Alabaster said in a later article posted in ComputerWorld that, “None of the recently …

Interview with Dan Guido at SOURCE Boston 2012 – Part I

We recently sat down with Dan Guido, CEO and Co-Founder of Trail of Bits, at SOURCE Boston 2012 to get his views on topics related to application security. In the first of a three-part segment, Dan’s commentary focuses on vulnerabilities in general. You can watch the interview here.

Data Mining A Mountain of Zero Day Vulnerabilities – Webinar Q&A

With a goal of helping people understand the overall state of application security, Chris Wysopal, Veracode’s CTO and Co-Founder, recently gave a webinar, “Data Mining a Mountain of Zero-Day Vulnerabilities.” Chris examined the anonymized vulnerability data set produced by Veracode over the course of our analysis of thousands of applications submitted to us by large enterprises, commercial software vendors, open source projects, and software outsourcers. This data set generated interesting observations about application security in various industry verticals, and common mistakes developers make when coding software.

The webinar enjoyed ample audience participation and response, including a …

Cybersecurity Risks in Public Companies Infographic

Following new SEC guidance issued in the US relating to disclosure of cybersecurity risks in company filings, public companies are beginning to be measured by regulators and investors on the strength of their cybersecurity solution and ability to protect intellectual property and customer data. This infographic looks at the state of software security in public companies, and shows why companies and investors alike should care.

Weekly News Roundup

TGIF! There was certainly a lot happening in the cybersecurity space this past week. Here are our picks for the top stories. Have a great weekend readers!

Also, if you would like to get an understanding of how to build and scale an Application Security program within your organization, check out Veracoder Fergal Glynn’s latest blog post on Threatpost.

Enterprise Security Practices: “Latest wave of healthcare data breaches symptomatic of sloppy security practices” by Neil Roiter (@nroiter). In this Security Bistro blog post Neil Roiter takes a look at the current state of security in the …

Software Security: A Chief Financial Officer’s Perspective

I was having a chat with our CFO by the Keurig machine and he said something I thought was interesting – that one of the things the CFOs of public companies worry about the most is surprises. Surprise, you woke up today and found that 10% of the value of your company is gone because confidential customer information was made public. Surprise, the FTC is knocking on your door asking for a forensic security audit. Surprise, your largest investors are calling about the scope of the breach and what it will cost the company. Surprises like …

A Brief Field Guide to Post-UDID Unique IDs on iOS

In iOS 5.0, the call to retrieve the device-specific unique identifier (“UDID”) of an iOS device — specifically, the accessor to UIDevice’s uniqueIdentifier property — was officially marked as deprecated. This probably wasn’t much of a surprise to anyone involved in mobile privacy and application development. For over a year, researchers have been pointing out numerous instances in which popular mobile applications exfiltrate device-specific data to remote sites, sometimes without encryption. This often includes the UDID, but also can include the device’s model information (or more personal data, like address book information). Some examples of this research are

Weekly News Roundup

It’s Friday, and time for our weekly news roundup!

Dan Geer at SOURCE Boston. Before we begin, I came across a very interesting talk I’d like to share with you – Dan Geer’s keynote at SOURCE Boston 2012. I was not there myself, but I read Dan’s script posted here. Geer’s talk was impressive, a must-read for anyone who uses the Internet! Among the many quote-worthy gems in his talk – “The Internet will never be free as it is this morning”.

Fergal Glynn on Threatpost. Additionally, Threatpost is featuring a multi-part series of …

Veracode Claims ‘Information Security Product of the Year’

We are extremely excited to announce that the Veracode Platform has been chosen as SC Magazine’s Information Security Product of the Year. The award was in recognition of the company’s innovative Veracode Platform and the significant business and technical advantages it has brought to companies investing in the technology.

The SC Awards are widely recognized as the most coveted and prestigious awards for the European information security industry; they honor companies working to secure enterprises, and the vendor and channel communities that deliver innovative security technologies. SC Magazine editors handpicked a panel of judges who hold experience as end users, …