Blog Posts Tagged with "Secure Coding"
Tenth Anniversary of Gates Trustworthy Computing Memo
January 27, 2012 Added by: Fergal Glynn
January 15th was the 10th anniversary of Gates' Trustworthy Computing memo. I asked a mixed group of my colleagues at Veracode to answer this question. The group has a wide age range and comes from many different backgrounds. Some of the answers are really funny. I hope you enjoy...
Comments (0)
Windows Phone Application Analyzer v1.0 Released
January 20, 2012 Added by: Security Ninja
I developed and would like to introduce the Windows Phone App Analyzer. The Windows Phone App Analyzer is similar to the static analysis tab in Agnitio. If you browse to any C# .cs files and click scan, you will see the keyword highlighting that you might be familiar with from Agnitio...
Comments (0)
Government Cyber Strategy Directs Billions for R and D
December 19, 2011 Added by: Headlines
"When we look at the plan itself, it represents our visions for the research necessary to develop game changing technologies that can help neutralize today's cyber attacks and build an infrastructure to secure our systems from what may come in the future..."
Comments (0)
Top Ten Mistakes Made By Linux Developers
December 11, 2011 Added by: Danny Lieberman
My colleague, Dr. Joel Isaacson, talks about the top ten mistakes made by Linux developers. It’s a great article and great read from one of the top embedded Linux programmers in the world...
Comments (0)
Free From Defect Software License
November 22, 2011 Added by: Keith Mendoza
This is a question that I would like to pose to the open-source software community: Assuming that we can ignore the lawyers for a second, what amount of effort would you be willing to put to produce software that is free of defect from workmanship? How will you go about making sure?
Comments (2)
The CERT Oracle Secure Coding Standard for Java
October 18, 2011 Added by: Ben Rothke
The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits...
Comments (0)
Scanning Applications Faster - A Chicken vs. Egg Problem
October 09, 2011 Added by: Rafal Los
We need to shift the security culture from "find bugs" to "fix bugs" or else we're in deep, deep trouble. Don't get me wrong, once the software industry has figured out how to write secure software by design, then we can worry about demanding bigger, better, faster scanning automation...
Comments (0)
Software Security Assurance - Getting the Formula Right
August 27, 2011 Added by: Rafal Los
Security professionals need to ensure that we're doing what's right for the developers who will be building more secure software, rather than us security professionals who are adept at bolting on security bits. That's the big revelation here, but of course, only if you believe me...
Comments (0)
Software Security Degree Programs
July 17, 2011 Added by: Bozidar Spirovski
More institutions are providing programs and degrees focused on the security aspect of information technology than ever before. Part of the reason for this is the significant projected increase in the number of jobs available in the field...
Comments (1)
Mitigating Injection Attacks
July 07, 2011 Added by: kapil assudani
The developer's job gets easier since if he/she is working on an independent code that is a module for the master code, the variable type is identified and hence corresponding input validation / output encoding technique automatically gets applied through the framework...
Comments (0)
Thoughts on Software Security Assurance from a Like Mind
June 10, 2011 Added by: Rafal Los
Being able to tie exploitable issues in a running application to source code is the Holy Grail of security testing... but it's unlikely you'll get good adoption and success if you're trying to hand a bunch of developers black-box security testing technology...
Comments (0)
Proposal for an All-or-Nothing Secure Software Standard
May 10, 2011 Added by: Keith Mendoza
Secure software standards should be all-or-nothing. Either the software--and all of its dependencies--are compliant, or the software is not compliant. Not owning the library, or database, will not be an excuse for not meeting the standards...
Comments (4)
Basic Secure Coding Practices for C or C++
May 04, 2011 Added by: Keith Mendoza
Most privilege escalations take advantage of being able to modify the code being executed because the application writes to memory locations past what it allocated. However, if you have a variable that uses up more space than the amount of data, that's extra space for an attacker to use...
Comments (3)
Majority of Web Apps Deployed with Security Flaws
April 26, 2011 Added by: Headlines
Veracode analyzed nearly five-thousand applications submitted to its cloud-based testing service over the period of eighteen months and found that more than half of the software had some sort of significant security flaw. "Software remains fundamentally flawed," the report states...
Comments (0)
Web Application Security: Can Developers Learn Secure Coding?
April 25, 2011 Added by: kapil assudani
With a secure coding skillset missing from their primary job responsibility, and no enterprise process that introduces/enforces a secure coding process, there are really no incentives for developers to go the extra mile of introducing security into their code...
Comments (0)
Secure Coding: Missing the Goal
March 29, 2011 Added by: Andy Willingham
If we continue to allow poor coding practices then we will always be behind the curve and playing catch-up with the hackers. I know code will always have errors and vulnerabilities in it just as infrastructure and other areas where we implement protections will always have their shortcomings...
Comments (1)