Evan Schuman

Evan Schuman has covered IT issues for a lot longer than he'll ever admit. The founding editor of retail technology site StorefrontBacktalk, he's been a columnist for CBSNews.com, RetailWeek, Computerworld and eWeek and his byline has appeared in titles ranging from BusinessWeek, VentureBeat and Fortune to The New York Times, USA Today, Reuters, The Philadelphia Inquirer, The Baltimore Sun, The Detroit News and The Atlanta Journal-Constitution. 
Posts by Evan Schuman

A Very V-E-R-Y Long Day Without Software

October 11, 2017

Over the summer, some friends at Veracode approached me and asked if I would be willing to help them with an experiment. Could I, they wanted to know, spend an entire day neither using nor leveraging any software whatsoever. They bet me that I couldn’t. I love a challenge as much as any journalist so I said “Sure. How hard could it possibly be?” The point of this is to make business people better... READ MORE

Striking the Right Balance Between Security and Functionality

March 23, 2017  | Security News

Doing security well is hard work, but it should never block useful functionality for your customers. If security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. And yet two instances from this month suggest that is exactly what is happening. Let's start with election... READ MORE

Android App Holes Means You're On Your Own

March 13, 2017  | Security News

March brought with it yet more news of app security headaches. The latest is the discovery of "132 Android apps on Google Play infected with tiny hidden IFrames that link to malicious domains in their local HTML pages," according to the security firm that made the discovery. But before you dismiss this latest security hole with a yawn and a "so what else is new?," consider... READ MORE

How About Some Shared Security Responsibility For Developers?

February 9, 2017  | Security News

With the New Year unfolding, 'tis the season to be reminded that app security has not yet arrived at the optimal state. Consider this piece from Kaspersky's Threatpost pointing out how re-used third-party libraries perpetuate security holes long after they have been discovered. For 2017, the industry needs a change in approach. AppSec is certainly getting better, but enterprise security... READ MORE

Examining Security Spend Reveals Much About Priorities

February 7, 2017  | Security News

When it is treated as an afterthought, security can never work. When enterprises purchase and write thousands of applications without any formal app security mechanism, they are opening themselves up to breaches. What recent reports show is that there is a real disconnect between the spend on applications and the investment in protecting them.  Gartner is projecting that U.S. enterprises... READ MORE

Some Surprises in the New New York Cybersecurity Regulations

February 2, 2017  | Security News

In the US, there exist no meaningful national cybersecurity rules, but, as a practical matter, that is likely to change this year. But it's not coming from Congress. The catalyst is new rules slated to start in March from the New York State Department of Financial Services. In financial areas, that New York department is typically mimicked by a wide range of other state regulators, along with... READ MORE

Apple's Abandonment Of Its Own App Security Deadline Is Bad For So Many Reasons

January 16, 2017  | Security News

Have a great idea for the most effective way to make life easier for cyberthieves, especially those who are focused on ineffective app security. All you have to do is get one of the most powerful brands in computing to publicly declare a security deadline and then have it quietly withdraw that deadline on the eve of it being effective. For a terrific example of well this can undermine app... READ MORE

App Security Deserves Far More IT Respect

December 15, 2016  | Security News

App Security today is the Rodney Dangerfield of IT security. Everyone knows about it, but it gets no respect. Isn't it obvious that because apps are granted greater data-sharing with other apps and the ability to update itself—directly to the mothership—without IT signoff, that perhaps this should soar to the top of the danger list? Apparently not. Consider just a few examples... READ MORE

Holiday Short-Duration Sites Deliver Long-Duration Headaches

December 12, 2016  | Security News

The holiday season is now upon us, which means retail pop-up stores and seasonal sites. Those are all good for merchants, good for gift-seeking shoppers and potentially very good news for cyberthieves hoping for vulnerable sites that can fuel fraud. Why, you might ask, would a retailer with robust anti-fraud and other security measures forego those efforts for a seasonal site? First, they do and... READ MORE

Strengthening Your Security With Mundane—But Often-Overlooked—App Maintenance

December 1, 2016  | Managing AppSec

It's often said in security circles that a massive percentage of intrusions and breaches could be thwarted by the IT equivalent of eating your vegetables and exercising regularly. Whereas CFOs are often attracted to—or, in some cases, repelled by—the shiny objects of high-end security defenses, the mundane wash-your-hands-before-eating rules have the most impact. That means not... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu