Impact of the OpenSSL Heartbleed vulnerability on EMC products

The Heartbleed vulnerability (CVE-2014-0160) affects the popular OpenSSL cryptographic software library used to secure internet communication. Following the release of this OpenSSL vulnerability, we immediately initiated a review of EMC Information Infrastructure and RSA products to assess any potential impact. Continue reading

Be Sociable, Share!

Share to Facebook
Share to Google Plus

EMC Product Security Sessions at the RSA Conference

This week in San Francisco, tens of thousands of security professionals are gathering for the the RSA Conference. For the seventh year in a row, representatives from EMC’s Product Security Office have been selected by the conference program committee to speak in a session. If you are at the conference, come an meet one of us: Continue reading

Be Sociable, Share!

Share to Facebook
Share to Google Plus

Open Trusted Technology Provider Accreditation Program

How does one measure the best product-related practices that may be in place in the world of Commercial Off-the-Shelf Technology (COTS)? Often specific versions of an Information and Communication Technology (ICT) product are certified by a third party “Lab” that can examine the state of that version in terms of meeting the security requirements for the identified scope. There are some process aspects of product evaluations that come into play such as one’s approach to handling a found vulnerability with a version of software. The advantage of the product version approach is that if one is acquiring a specific version then one knows that it has been specifically reviewed and evaluated. However there are process gaps in product evaluations that are these days focusing less on secure engineering practices and not yet on supply chain security. Continue reading

Be Sociable, Share!

Share to Facebook
Share to Google Plus

How Product Security Protects & Enables Our Customers to Move the Ball

78460200As a sports fan, I have a tendency to compare sports with my daily job. In the case of American football (apologies to readers who don’t follow), I always compare the role of the offensive line in protecting and supporting their quarterback to make plays to the role product security plays in protecting and enabling our customers to do business. 

During the playoffs I am amazed at how success depends on strategy and specifically how offensive plays called by a coordinator create a successful line to protect the quarterback. A lack of a good offensive line creates risks for the quarterback just as lack of product security can create risks for our customers and make them vulnerable: Continue reading

Be Sociable, Share!

Share to Facebook
Share to Google Plus

Building Trust through Product Security

builtin securitySoftware powers everything – end-user devices, applications, networks, storage, data centers and clouds – and is therefore taking us into a software-defined world. Can we trust software that powers IT? We must, as we strive for resiliency against outages and advanced threats as well as to meet regulatory compliance. Continue reading

Be Sociable, Share!

Share to Facebook
Share to Google Plus