Skip to main content

Paul Roberts

Paul Roberts is an experienced technology writer and editor that has spent the last decade covering hacking, cyber threats, and information technology security, including senior positions as a writer, editor and industry analyst. His work has appeared on NPR’s Marketplace Tech Report, The Boston Globe,, Fortune Small Business, as well as ZDNet, Computerworld, InfoWorld, eWeek, CIO , CSO and He was, yes, a guest on The Oprah Show — but that’s a long story. You can follow Paul on Twitter here or visit his website The Security Ledger.

Posts by Paul Roberts
  • Et tú, GNU?
    December 4, 2014
    Et tú, GNU?

    Pervasive 'rot' in shared code, or proof we're finally taking open source security seriously? The last six months haven't been kind to users of popular open source packages with the recently disclosed flaws found in GNU's Wget and Binutils. First, researchers disclosed "Heartbleed," an exploitable vulnerability in the ubiquitous OpenSSL software package. That was followed by a string of other… READ MORE

Stay up to date on Application Security

  • Facebook: The Importance of Paying for Defense

    Facebook’s $50,000 award for research on static code analysis puts the focus on the importance of defensive technology - and that’s a welcome change. We may have over-learned the lesson about the limits of cyber defense. However, Facebook’s surprise award of $50,000 to two researchers for their work on a new method for discovering… READ MORE

  • Why (Cyber) Insurance Is Sexy
    September 8, 2014
    Why (Cyber) Insurance Is Sexy

    Nothing says ‘yawn’ like the topic of insurance. One notable exception may be the mushrooming marketplace for cyber risk insurance. But do insurers really know what they’re underwriting? Nothing says ‘yawn’ quite like insurance - and I say this as the son of one insurance salesman, and the brother of one more. After all: the insurance… READ MORE

  • Secure Development - One Bathroom Break At A Time

    Google went to great lengths to educate their developers about the benefits of security testing - even developing educational materials specifically to be read on the toilet. There's enough evidence in favor of the use of security testing throughout the development cycle as to make "debates" about it moot. Still, many software development… READ MORE

  • For Java: I Patch, Therefore I Am?

    Oracle’s Java platform is so troubled the question is whether to patch it, or kill it off. Oracle Inc. released its latest Critical Patch Update (CPU) on Tuesday of last week, with fixes for 113 vulnerabilities spread across its product portfolio, including 29 for Oracle’s Fusion Middleware, and 20 for the troubled Java platform. The… READ MORE

  • Is It Time For Customs To Inspect Software?

    The Zombie Zero malware proves that sophisticated attackers are targeting the supply chain. Is it time to think about inspecting imported hardware and software? If you want to import beef, eggs or chicken into the U.S., you need to get your cargo past inspectors from the U.S. Department of Agriculture. Not so hardware and software imported… READ MORE

  • Truth, Fiction and a 20 Year Old Vulnerability

    The impact of a 20 year old flaw in the LZ4 is still a matter of conjecture. The moral of the story isn’t. I think we can all agree it's not quite THIS critical.   What were you doing in 1996? You remember ’96, right? Jerry McGuire, Independence Day and Fargo were in the theaters. Everybody was dancing the “Macarena”? In the technology… READ MORE

  • Med Tech’s Promiscuity Problem

    A roundtable discussion of medical device security finds that innovation in the connected health space is outstripping security. And the problem will get worse before it gets better. Physicians are used to counseling their patients on the need to take care of themselves and take reasonable precautions to protect themselves from harm. Are… READ MORE

  • NIST Updates Guidance On Securing Software Supply Chains

    An updated guide on risk management practices recommends that companies pay more attention to the security of their software supply chain. A draft release of an updated risk management guide from the National Institute of Standards and Technology (NIST) is warning federal agencies and other firms that operate “high impact systems” to pay… READ MORE

  • Heartbleed Still Causing Heartburn on Industrial Systems

    An advisory from DHS’s ICS CERT makes clear that ICS vendors are making progress toward fixing Heartbleed, but that customers face a long slog. The good news about the Heartbleed vulnerability in OpenSSL is that most of the major sites that were found to be vulnerable to the flaw have been patched. As has been reported, all of the top 1,000… READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.