Company evaluated based on ability to execute and completeness of vision
Program provides software buyers with a standard for understanding any vendor’s security posture
Increasing the connectivity between physical and digital systems brings with it increased risks. So says Nick Jennings, Imperial College London Professor of Artificial Intelligence and Vice-Provost and the UK Government’s former Chief Scientific Advisor for National Security, in a foreword to a Royal Academy of Engineering report on cyber safety and resilience. He called for work to investigate measures needed to strengthen the safety and resilience of all connected systems, ‘particularly critical infrastructure that society now depends so much on’.
Last May, President Trump ordered his administration to come up with a plan for securing the U.S. government and the nation's infrastructure from cyberattacks that threaten the country's economy and national security.
IT security activities often fail to achieve the desired results. It is a truism that good advice is hard to come by in such cases, because it is often relatively simple things that hamper the efficient implementation of a security strategy. Julian Totzek-Hallhuber, Solution Architect at CA Veracode, mentions five avoidable application security bugs.
Application security often leads a niche existence. Most people mistakenly see it as a problem for developers, when it is a matter for the entire company.
The recently discovered "Spring Break" vulnerability is a Remote Code Execution (RCE) security vulnerability that needs immediate attention and is another example of the immense challenges companies face. Comment by Julian Totzek-Hallhuber, Principal Solution Architect at Veracode.
A remote code execution flaw, dubbed Spring Break, affects various Pivotal Spring projects and could allow an attacker to run arbitrary commands on any machine running applications built using Spring Data REST.
In response to the news of the new “Spring Break” critical remote code execution (RCE) vulnerability, which affects Pivotal Spring frameworks including Spring Boot, the world’s most popular framework for building web applications, Chris Wysopal, CTO at CA Veracode, comments.
Chris Wysopal, CTO of Veracode, a leading cybersecurity company, offers a more moderate option—slowing the computers down. “We could make the computers suffer hard-drive failures, keeping the operators so busy they couldn’t do much else,” Wysopal told me. “This is easy to do, and it would send a message: We can get to you, just like you can get to us, and we can step this up several notches”—for instance, fry the computers, as Clarke suggests—“if you don’t stop.”
Researchers imaginatively dub the new vulnerability "Spring Break"
A flaw that was discovered in Pivotal’s Spring Framework in September 2017 has only come to light now that users have had a chance to update.
If you build in security early in development, you can reduce safety risks and long-term development costs quite significantly. The EU Commission is under way with a number of initiatives that build in security from the start.
A DevSecOps strategy won’t work if developers haven’t bought into the movement. CA Veracode held a virtual summit on Assembling the Pieces of the DevSecOps Puzzle yesterday to talk about the importance of developer security training in a DevOps environment.
Meltdown and Spectre rang in the year 2018 with a bang, affecting billions of devices. CA Veracode's Julian Totzek-Hallhuber explains in this blog post why it is high time to put security at least on the same level as functionality.
Corporate IT systems with known vulnerabilities are often missed or overlooked. In the case of Equifax, a known vulnerability led to hundreds of millions of dollars in losses. Here are the top-5 ways that vulnerabilities hide inside your company.
Somewhere along the road to DevOps nirvana that so many organizations have been attempting to follow, security got left behind. You see, a big driver of the need for DevOps is the speed with which organizations crank out software. It turns out it's really easy for software development to run off the rails, turning what should be innovation into unnecessary fiascos that can cost millions to fix, or worse yet, cause irreparable damage to a company's reputation.
New software also brings with it new threats to the overall security of an organisation, so understanding the potential risks and vulnerabilities software introduces is essential if businesses want to keep hackers at bay.
The U.S. Securities and Exchange Commission introduced new SEC cybersecurity disclosure rules to prevent insider trading related to data breaches and other security incidents.
Attacks by cybercriminals can be costly for businesses if they want to avoid losing their data. The most recent example is Uber, the globally operating U.S. driver service, which has been the victim of a ransomware attack: data from 57 million customers and drivers was hacked, including names, addresses and driver's license numbers. Uber paid $100,000 to the hackers and concealed the incident, but is now exposed to the serious charge of covering up a criminal offence. This latest case shows once again the importance of advanced data protection to prevent cyber attacks. Julian Totzek-Hallhuber, Solution Architect at CA Veracode, gives five tips on how companies can easily and effectively protect themselves against ransomware attacks.
A machine that automatically finds new vulnerabilities in any software - this is what a team led by Fabian Yamaguchi from Berlin is working on. Can anyone become a hacker?
Hint: hit them where it hurts the most – their own personal reputation and livelihood.
This is a guest article by Julian Totzek-Hallhuber, Solution Architect, CA Veracode. The Aztec Empire, the Roman Empire or the British Empire - if one had asked contemporary witnesses, these cultures seemed untouchable and would last forever. External influences and socio-cultural developments have only made them examples of transience in the course of history. Today, the world looks completely different, but some developments in the shadow of technological progress have the potential to revolutionize our society from the ground up. The advantage is that we are able to recognize early warnings and take countermeasures. When Europeans entered the new world, it was the beginning of the end of the indigenous tribes and advanced cultures of a whole continent. Such a scenario, which in the long run can wipe out entire civilizations, is of course unthinkable nowadays, since today's cultures are consolidated and embedded in the global community. Accordingly, such upheavals today have far more far-reaching consequences, affecting much larger regions and sometimes the whole world. Three scenarios in particular are now able to change the course of the world from the ground up.
With recent news that the NHS has lost thousands of patient records and documentation and is now failing cyber security tests.
Much has changed in software security over the last year. Nation state-directed attacks demonstrated the significant danger posed by software vulnerabilities and raised the pressure on developers to secure their software. Attackers used exploits leaked from the National Security Agency (NSA), for example, to spread ransomware, including the costly WannaCry and NotPetya attacks.