Paul Roberts

Paul Roberts is an experienced technology writer and editor who has spent the last decade covering hacking, cyber threats, and information technology security, including senior positions as a writer, editor and industry analyst. His work has appeared on NPR's Marketplace Tech Report, The Boston Globe, Fortune Small Business, as well as ZDNet, Computerworld, InfoWorld, eWeek, CIO and CSO. He was, yes, a guest on The Oprah Show, but that's a long story. You can follow Paul on Twitter or visit his website, The Security Ledger.
Posts by Paul Roberts

Et tú, GNU?

December 4, 2014

Pervasive 'rot' in shared code, or proof we're finally taking open source security seriously? The last six months haven't been kind to users of popular open source packages, with the recently disclosed flaws found in GNU's Wget and Binutils. First, researchers disclosed "Heartbleed," an exploitable vulnerability in the ubiquitous OpenSSL software package. That was...

Facebook: The Importance of Paying for Defense

September 11, 2014

Facebook's $50,000 award for research on static code analysis puts the focus on the importance of defensive technology, and that's a welcome change. We may have over-learned the lesson about the limits of cyber defense. However, Facebook's surprise award of $50,000 to two researchers for their work on a new method for discovering vulnerabilities in web applications...

Why (Cyber) Insurance Is Sexy

September 8, 2014

Nothing says 'yawn' like the topic of insurance. One notable exception may be the mushrooming marketplace for cyber risk insurance. But do insurers really know what they're underwriting? Nothing says 'yawn' quite like insurance, and I say this as the son of one insurance salesman, and the brother of one more. After all, the insurance industry exists to manage risks:...

Secure Development - One Bathroom Break At A Time

August 25, 2014

Google went to great lengths to educate its developers about the benefits of security testing, even developing educational materials specifically to be read on the toilet. There's enough evidence in favor of the use of security testing throughout the development cycle as to make "debates" about it moot. Still, many software development operations...

For Java: I Patch, Therefore I Am?

July 24, 2014

Oracle's Java platform is so troubled that the question is whether to patch it, or kill it off. Oracle released its latest Critical Patch Update (CPU) on Tuesday of last week, with fixes for 113 vulnerabilities spread across its product portfolio, including 29 for Oracle's Fusion Middleware and 20 for the troubled Java platform. The release has prompted...

Is It Time For Customs To Inspect Software?

July 16, 2014

The Zombie Zero malware proves that sophisticated attackers are targeting the supply chain. Is it time to think about inspecting imported hardware and software? If you want to import beef, eggs or chicken into the U.S., you need to get your cargo past inspectors from the U.S. Department of Agriculture. Not so hardware and software imported into the U.S. and sold to...

Truth, Fiction and a 20 Year Old Vulnerability

July 10, 2014

The impact of a 20 year old flaw in LZ4 is still a matter of conjecture. The moral of the story isn't. [Image caption: I think we can all agree it's not quite THIS critical.] What were you doing in 1996? You remember '96, right? Jerry Maguire, Independence Day and Fargo were in the theaters. Everybody was dancing the "Macarena"? In the technology world, 1996 was...

Med Tech’s Promiscuity Problem

July 1, 2014

A roundtable discussion of medical device security finds that innovation in the connected health space is outstripping security. And the problem will get worse before it gets better. Physicians are used to counseling their patients on the need to take care of themselves and take reasonable precautions to protect themselves from harm. Are you fond of cycling? Remember...

NIST Updates Guidance On Securing Software Supply Chains

June 10, 2014

An updated guide on risk management practices recommends that companies pay more attention to the security of their software supply chain. A draft release of an updated risk management guide from the National Institute of Standards and Technology (NIST) is warning federal agencies and other firms that operate "high impact systems" to pay more...

Heartbleed Still Causing Heartburn on Industrial Systems

May 20, 2014

An advisory from DHS's ICS-CERT makes clear that ICS vendors are making progress toward fixing Heartbleed, but that customers face a long slog. The good news about the Heartbleed vulnerability in OpenSSL is that most of the major sites that were found to be vulnerable to the flaw have been patched. As has been reported, all of the top 1,000 web sites have...
