Software Development Methodology
- January 09, 2017
Truffle Hog utility roots out and detects text blobs with enough entropy to be secret keys -- even those buried deep in old Git repositories -- to prevent exploits.
- December 20, 2016
Google offers developers a new tool, Project Wycheproof, to strengthen crypto libraries with a testing suite to check libraries for known weaknesses.
- July 20, 2016
A critical flaw was discovered in the ASN.1 compiler used by leading telecommunications and networking vendors, and the extent of the vulnerability has yet to be determined.
- October 16, 2015
Jean Yang, who created the Jeeves software language, explains why the industry needs to do a better job of enforcing security and privacy policies in its applications.
- July 30, 2015
Vendors, such as Intel and Cisco, are hoping to pave the way for a security ecosystem in which applications communicate threat intelligence amongst each other. Will it work?
- July 17, 2015
News roundup: Are the tides turning on mobile app safety? One white hat hacker's attempt to reverse-engineer the Subway app offers surprising results. Plus: CloudFlare Transparency Report; another call to eliminate RC4; Black Hat attendant survey.
- June 23, 2015
In its State of Software Security Report, Veracode has found the government has the most vulnerabilities and the lowest rate of remediation in developing Web and mobile apps.
- June 19, 2015
News roundup: Details have emerged about weaknesses in OS X and iOS that allow attackers to upload malware and steal passwords and data. Plus: More jump on HTTPS bandwagon; CSO/CDO salaries increase; 23% of software app components contain flaws.
- June 05, 2015
Security software expert Gary McGraw says testing for security flaws must be automated if everything is going to be checked.
- May 07, 2015
Robert 'Rsnake' Hansen of WhiteHat Security discusses the Aviator Web browser, why Google lashed out against it, the challenges of browser security and lessons learned for developing secure software.
- April 27, 2015
At RSA Conference 2015, a pair of DevOps proponents explained why the nascent movement to integrate development and IT operations staff pays security dividends.
- September 16, 2014
Developers increasingly rely on a variety of open source components, but a VerSprite researcher warns that security issues accompany many popular frameworks.
- June 10, 2014
Video: Chris Wysopal of Veracode discusses the risks of externally sourced code and monitoring its use in the enterprise.
- May 21, 2014
As attackers increasingly target e-commerce websites, vulnerable applications and third-party plug-ins represent an easy avenue of exploitation.
- March 31, 2014
Gary McGraw discusses why the software security segment of the IT security industry is growing at a faster rate than the category as a whole.