Last week the New York Times broke a story regarding the ability of the NSA to foil basic privacy safeguards. What seemed to catch the most attention from other media outlets, as well as political and technology pundits, was the fact that the NSA had asked some software vendors to insert backdoors into their code so that the NSA can easily “hack” into systems running these applications.
The coercion of private enterprises by government agencies is disquieting, and backdoors make it possible for cybercriminals as well as the NSA to hack these systems. However, inserting backdoors into systems requires quite a …
Do Microsoft’s recent patch woes portend deeper problems with the security team in Redmond?
It has been quite a while since I wrote, critically, about Microsoft’s patch program, but the company’s latest patch woes have me a bit concerned.
The Open Web Application Security Project (OWASP) was started in 2001 with the avowed mission of ‘making software security visible, so that individuals and organizations worldwide can make informed decisions about true software risks.’ Since then OWASP’s influence has grown to the point that its Top 10 project is referenced by many standards, books, tools, and organizations, including MITRE, PCI DSS, DISA, the FTC and more.
Paul Roberts of Security Ledger interviews Chris Wysopal and Joshua Corman about the insecurity of the software supply chain. Enterprises aren’t aware of the technical debt they’re inheriting through outsourced software, purchased software, open source software and more.
Of all the startling revelations to come out of the NSA’s efforts to collect and monitor Internet communications, its apparent manipulation of standards backed by the National Institute of Standards and Technology is the most shocking yet.
Episode two of Talking Code featuring Chris Wysopal, Joshua Corman, and Paul Roberts is available today.
The trio talks automobile safety and the divide between safety and security. Says Chris Wysopal: “the difference between safety and security is that in security there is an adversary.” How does he elaborate on this? Watch the video to find out.
Mobile device security is more important than features (and other lies we tell ourselves).
I’ve been writing about the security woes of Android, the world’s most popular mobile operating system, for a couple years now. And, during that time, Android adoption has only accelerated.
At nearly every position we hold over the course of our careers, we end up performing tasks beyond those in which our strengths lie. Rarely do we stop and consider the insider threat we pose to our respective organizations due to a lack of proper security awareness in the areas we serve. Join Andrew Reifers as he embarks on an entirely unique version of threat modeling.
Talking Code is a video web series featuring Veracode Co-founder and CTO Chris Wysopal and Akamai’s Head of Security Intelligence Josh Corman, moderated by Security Ledger’s Paul Roberts. Beginning today and continuing over the next 10 weeks, we will be releasing one episode a week of the Talking Code series.
The revelation this week about a balky API for Tesla’s Model S cars isn’t big security news – but it is a sign of things to come.
Tesla Motors, the Silicon Valley darling co-founded and run by PayPal zillionaire Elon Musk, is absolutely revolutionizing the way people buy, sell and think about automobiles. The company’s Model S electric vehicle was Motor Trend’s Car of the Year in 2013…