Open source has worked its way into a stunning array of commercial and free technology products. Now Google is using its bank account to help improve the security of the underlying code.
The problem is serious enough to prompt OWASP to make room on its Top 10 for third-party software components. Veracode’s own Chris Wysopal recently argued that the prospect of NSA “back doors” in common technology was a lot less of a privacy concern than run-of-the-mill vulnerabilities in shared code.
Mobile devices are extremely interesting for attackers because they hold a digital representation of our lives.
Every application that resides on our devices contains information on some aspect of our lives. What games we play, who we talk to, where we work, what utilities make our lives easier are all captured in our mobile devices. Anyone armed with this information can mimic our digital lives to friends, family, colleagues and corporate systems.
The ability to mimic your life is valuable to a variety of people. A marketing department that can mimic your life will get better at selling you things.
The latest episode of Talking Code sees our trio tackling the subject of third-party components in software. They cover the upsides and downsides of open source software and the addition of known vulnerable components to the OWASP Top 10.
Every week we will be releasing another webisode of Talking Code but if you want to watch the whole series, simply fill out the form at this link and get watching!
The first hurdle to running any successful Application Security program is getting it adequately funded. This should come as no great surprise to anyone. Software security is no different from any other IT initiative. Even a willing security team that has considered the ways still needs to find the means, and that involves making a compelling case to those who hold the purse strings.
The failure of online exchanges to cope with the onslaught of millions of taxpayers anxious to buy healthcare shouldn’t be a surprise, say web application security experts. What is surprising is that Uncle Sam didn’t see it coming.
The amount and variety of mobile malware programs targeting smartphone and tablet users is significant and growing at an alarming rate. This blog post will explain the common types of malicious programs targeting mobile platforms, and provide a brief description of each.
Mobile malware first emerged as early as 2004 targeting the Symbian OS, but exploded in 2011 when computer security pros reported a new incident on the Android platform every few weeks. These nefarious programs either install themselves or are installed on the device by unwitting mobile users…
Chris Wysopal, Paul Roberts, and Joshua Corman break down the intricacies of externally developed software. Third party code has been a growing issue for many organizations that have been pushing out software regularly. The trio talks about the concept of Legoland and how building applications today shares many similarities with our favorite childhood hobby.
The Virtual Scan Appliance (VSA) is a virtual appliance that enables dynamic application security testing behind a customer’s firewall through the installation of a virtual machine (VM) in a datacenter behind the firewall. The VSA is integrated into the Veracode Platform for workflow, policy management, and reporting, giving customers a single location for managing the security of public applications and those behind the firewall. To request a VSA, please contact a services representative.
NIST took a big hit to its reputation with the NSA scandal. Will that damage its ability to move ahead on an ambitious cyber security agenda?
For most of its history, the National Institute of Standards and Technology has been an important, if un-sexy arm of the U.S. government. Originally the National Bureau of Standards, NIST is the U.S. government’s measurements and standards laboratory, with a mission to promote innovation and industrial competitiveness by advancing technology standards.
Where does the responsibility of securing software lie, with vendors or their customers? Ultimately once customers start consistently asking for security, it’s a feature that should be delivered like any other. So what does this mean for all of us? Demand security, trust but verify and hold companies accountable for the quality of the products they sell.