Research

Staying one step ahead of the ever-changing threat landscape is a strategic imperative for Veracode. Whether it’s desktop apps, web apps or mobile, we’re constantly looking for software vulnerabilities. If we discover something interesting, this is where you’ll read about it.

Welcome to “Zero in a Bit”

Zero in a Bit is a blog about software security. We believe the root cause of most of today’s security problems is insecure software. The internet is a global neighborhood where every digital miscreant is your next-door neighbor. Far too often, software is the broken window that gives criminals access to the data and transactions organizations need to protect.

Zero in a Bit is laser-focused on software security. If we talk about vulnerabilities in the internet infrastructure, we won’t be dissecting routing protocols; we will be analyzing integer overflows in routing software. When we speak of identity theft, it won’t be about stolen backup tapes; it will be about SQL injection or cross-site scripting in web applications that hold private data. There is often no process or additional layer that can be wrapped around insecure software to solve these security problems. We think you need to find the flaws in the software and fix them — hopefully before the software gets deployed.

Topics we will cover include:

  • Software security testing and analysis
  • Software security metrics
  • The taxonomy of software vulnerabilities
  • Disclosing vulnerabilities
  • Zero day vulnerabilities
  • Malicious software and backdoors
