Secure software development
- October 22, 2018
A zero-day in jQuery File Upload could affect thousands of projects because the jQuery plugin vulnerability has existed for eight years and has been actively exploited for at least three years.
- September 25, 2018
Cisco hit by yet another new hardcoded credentials flaw, the latest in a long line of such flaws since last year, this time in its video surveillance manager appliance.
- April 19, 2018
Bug bounty programs may seem to offer salvation at a bargain price for securing networks and systems, but Katie Moussouris offers tips for avoiding major pitfalls.
- July 28, 2017
News roundup: Adobe announced that Flash end of life will happen by the end of 2020. Plus, Microsoft expands its bug bounty program, the 2017 Pwnie Awards winners, and more.
- June 09, 2017
News roundup: Kaspersky files a complaint against Microsoft's handling of independent antivirus software for Windows 10. Plus, hackers use Instagram to spread malware, and more.
- April 14, 2017
News roundup: DARPA's SSITH program tackles hardware vulnerabilities for better security. Plus, new risks placed in OWASP Top 10, SWIFT launches new anti-fraud tool, and more.
- February 24, 2017
Security expert Bruce Schneier said programmers' freedom to code whatever they want will likely come to an end. Should the industry brace itself for software regulations?
- January 09, 2017
Truffle Hog utility roots out and detects text blobs with enough entropy to be secret keys -- even those buried deep in old Git repositories -- to prevent exploits.
- December 20, 2016
Google offers developers a new tool, Project Wycheproof, to strengthen crypto libraries with a testing suite to check libraries for known weaknesses.
- July 20, 2016
A critical flaw was discovered in the ASN.1 compiler used by leading telecommunications and networking vendors, and the extent of the vulnerability has yet to be determined.
- October 16, 2015
Jean Yang, who created the Jeeves software language, explains why the industry needs to do a better job of enforcing security and privacy policies in its applications.
- July 30, 2015
Vendors, such as Intel and Cisco, are hoping to pave the way for a security ecosystem in which applications communicate threat intelligence amongst each other. Will it work?
- July 17, 2015
News roundup: Are the tides turning on mobile app safety? One white hat hacker's attempt to reverse-engineer the Subway app offers surprising results. Plus: CloudFlare Transparency Report; another call to eliminate RC4; Black Hat attendant survey.
- June 23, 2015
In its State of Software Security Report, Veracode has found the government has the most vulnerabilities and the lowest rate of remediation in developing Web and mobile apps.
- June 19, 2015
News roundup: Details have emerged about weaknesses in OS X and iOS that allow attackers to upload malware and steal passwords and data. Plus: More jump on HTTPS bandwagon; CSO/CDO salaries increase; 23% of software app components contain flaws.