Software Security Training for All

Fifteen years ago, the common image of the hacker was a computer science college student breaking into systems from his or her dorm room. Nowadays hackers operate on a different scale; they are more often affiliated with criminal organizations or nation states than with colleges or universities.

The only thing today’s cyber attackers have in common with the college students of 15 years ago can be summarized in two words: SOFTWARE VULNERABILITY. Most recent attacks involve the exploitation of a zero-day software vulnerability that was almost certainly introduced by software engineers who were themselves computer science college students several years earlier. Sadly, software security is not a significant part of most software engineering curricula, leaving developers to learn defensive coding techniques on their own, or their employers to invest in expensive security engineering training.


Secure Product Deployment: A Team Sport

Year after year, studies such as the Verizon Data Breach Investigations Report list software vulnerabilities and misconfiguration among the main causes of data breaches. At EMC, we operate under the assumption that securing a product in a customer environment is a team sport between the product vendor and the customer deploying the product. The vendor plays the greater role upstream, with a focus on adopting secure development practices and on properly handling and responding to vulnerabilities reported in the product. The customer takes the baton from the vendor and plays the larger role downstream by taking the necessary steps to securely deploy and maintain the product.


Open Group’s New Open Trusted Technology Provider Standard: How Trustworthy are Your Products?

The English saying “You are what you eat”, like many other aspects of culinary history, has its origin in France, and more precisely in Jean Anthelme Brillat-Savarin’s “The Physiology of Taste: Or Meditations on Transcendental Gastronomy”, which first records the line

“Tell me what you eat, and I shall tell you what you are.”

In French: “Dis-moi ce que tu manges, je te dirai ce que tu es.”

This week’s release by the Open Group of the Open Trusted Technology Provider Standard (O-TTPS), subtitled “Mitigating Maliciously Tainted and Counterfeit Products”


SAFECode Welcomes Howard Schmidt

Today, SAFECode announced the appointment of Howard Schmidt as its new Executive Director. At a time when cybersecurity has become a top priority for governments in the US and around the world, Howard’s experience and reputation will help SAFECode be more effective in promoting proven software assurance practices across the industry and with governments worldwide.


EMC’s Approach to Vulnerability Response

Let’s face it – real software products have security vulnerabilities! While strong secure software development practices go a long way towards detecting and helping to eliminate security vulnerabilities during development, a strong product security program also needs to be prepared to properly handle and respond to security vulnerabilities found in the product after it has shipped.
