Tag: Security

On June 15, 2016, CAST held a workshop on the topic of Security By Design at the Hilton hotel, Paris La Défense, with speakers from SOLUCOM, ATOS, BNP PARIBAS CARDIF and CAST, attended by some thirty participants from the public sector, finance, energy, software vendors, etc.

Security By Design

High-capacity network bandwidth has become more widely available, and we have quickly tapped into every last inch of its capacity. More devices are built with Wi-Fi capabilities, the costs of mobile devices are going down and smartphones are in the hands of more people than ever before. In fact, Apple might have already exhausted the market and is seeing drastically lower sales forecasts for the iPhone.

We are moving into an era in which virtually any device will connect to the Internet. Phones, fitness trackers, dishwashers, televisions, espresso machines, home security systems, cars. The list goes on. Analyst firm Gartner estimates that over 20 billion connectable devices will exist worldwide by 2020. Welcome to IoT—the Internet of Things. A giant network of connectable things.

Application Security in the Internet of Things

In April, Google experienced a fairly significant cloud outage, but it was hardly news at all. In fact, it was likely the most widespread outage to hit a major public cloud to date. The lack of coverage is strange, considering the industry’s watchful eyes like Brian Krebs and others. The even more recent Salesforce service outage seems to have received more attention. But despite the fact that Google seems to have gotten away with a “pass” this time, the glitch brings renewed attention to the fact that tech players large and small are continuing to deal with software robustness issues.

What Went Wrong at Google - Software Robustness Remains a Struggle

With the advancements of both cloud and mobile technologies, security remains a hot topic for every company. The number of reported instances of security backdoors due to faulty code or hardware continues to stagger. A recent article by Wired has brought forth another one of these unfortunate issues for a big player: Juniper. This technology giant has been providing networking and firewall solutions to companies, corporations, and the government for a number of years.

As a leader in networking technology, the last thing you want to hear is that a tech powerhouse like Juniper has found an application security problem. Two security issues were identified after a code review session outside of the company’s normal evaluation cycle. Security continues to remain a primary concern as more companies, government agencies, and even individuals rely on technology providers to manage data or maintain smooth operations.

Was Lack of Proper Code Analysis Tools a Root Cause of Juniper Networks Security Backdoors?

IT leaders from throughout the federal government discussed how software measurement can positively impact their development process at CAST’s recent Cyber Risk Measurement Workshop in Arlington, VA – just outside of the Washington, D.C. area. The event brought together more than 40 IT leaders from several governmental agencies, including the Department of Defense and Department of State, system integrators and other related organizations. The group shared their experiences in how their respective organizations are driving value to end users and taxpayers.

IT Leaders Address the Value of Software Measurement & Government Mandates Impacting Development

In 2014, the IT infrastructure at the Federal government’s Office of Personnel Management (OPM) was upgraded from a security rating of "material weakness" to one of "significant deficiency," according to The Wall Street Journal's CIO Report. This means that the OPM, even after upgrading to mitigate software risk, wasn’t up to snuff. That is - to put it simply - unacceptable. It is also both a dismal and infuriating fact to learn - especially for those who were among the 21 million present and past Federal employees, revealed last week, to have had their Social Security numbers and other personal information stolen in the recent data breach.

Software Risk: A Tale of Technology Woes and Failures

There’s a common belief in the software development space that when companies choose application outsourcing of their projects, the control they relinquish by doing so results in lower application quality and puts their projects at risk. Once again, however, CAST’s biennial CRASH Report, which reviews the structural quality of business critical applications, has disproved this theory.

Is Application Security Risk a Result of Outsourcing?

If you read the news these days, you would think that software security is something that is layered on top of existing software systems. The truth is, however, that software security needs to be woven into the very fabric of every system, and this begins with eliminating vulnerabilities by measuring software quality as the system is built.

During the CAST Software Quality Fall Users Group, Dr. Carol Woody, PhD, senior member of the technical staff at the Software Engineering Institute (SEI) at Carnegie Mellon University, whose research focuses on cyber security engineering, discussed the importance of software quality as a basis for security.

Making Software Quality the First Measure of Software Security

Have you performed code analysis on your software recently? If not, you are in good company as many companies are failing to do the one thing that could improve their software security – making sure the software isn’t vulnerable to an attack to begin with.

Closing the Back Door thru Code Analysis

The Consortium for IT Software Quality (CISQ) will host an IT Risk Management and Cybersecurity Summit on March 24 at the OMG Technical Meeting at the Hyatt Regency Hotel in Reston, VA. The CISQ IT Risk Management and Cybersecurity Summit will address issues impacting software quality in the Federal sector, including: Managing Risk in IT Acquisition, Targeting Security Weakness, Complying with Legislative Mandates, Using CISQ Standards to Measure Software Quality, and Agency Implementation Best Practices.

CISQ Hosts IT Risk Management & Cybersecurity Summit

Whether you move from an on-premise platform to a mobile device or a virtual cloud environment, security has always been the biggest concern. It is no longer shocking to hear about big banks, financial institutes, and large organizations shutting down their business or coming to a standstill due to an unexpected system crash, a security breach, or a virus attack.

Security outages are observed on all platforms. And it is becoming more and more challenging to detect and prevent such malicious intruders from getting into our complex multi-tier systems.

6 Root Causes for Software Security Failures and How to Fix Them

By definition, standards are supposed to be a set of bare minimum requirements for meeting levels of acceptability. In school, the students who took the “standard” level courses were those who were performing “at grade level” and just focused on graduating. Every April in the United States we need to decide whether we will take the “standard deduction” – the bare minimum we can claim for our life’s expenses – or whether we have enough to itemize our living expenses and therefore deduct more from our base income before taxes.

Living Up to Standards

Since the time of my first household chores, I cannot recall an age when I did not look at a “to do” list of mine and see the need to prioritize things. Whether it was taking out the trash first because trash collection was the next day or recognizing the need to finish edits to a press release going out the next day, prioritization has always been the first step to me getting work done.

I don’t think I’m alone on this one. Prioritization is probably as important to getting things done successfully as the actual taking on of a task.

Priorities: Fix it First!

I love my job!

I’ve always been an avid writer, even as a kid. So when it came to career choices my decision to enter a profession that demanded writing skills seemed like a natural fit.

I started out as a newspaper reporter, following in my father’s footsteps, but as the jobs and money there began drying up in the mid-1990s I took my interest in technology and made the jump to writing for high tech companies and have been happy doing this job ever since.

Quality is a Happy Place

My tastes in entertainment are pretty broad. While I really enjoy attending sporting events and when Bruce Springsteen is in town I lay aside nearly everything else to attend his concert (as I did in Boston on March 26), I’m also one who enjoys catching a Broadway or Off Broadway show now and then. In fact, over the next six weeks I will attend two Red Sox games and two shows at the New World Stages theatre in Midtown.

Replaying the Data Breach Blues

interesting report a couple of weeks ago, authored by Francis Brown of consulting firm Stach & Liu, which focused on hackers using search engines to seek out vulnerabilities in organizations’ IT environments.

Google Hacking Tools Help Reveal Software Vulnerabilities

My wife has more degrees than I do but she certainly is not a technorati. So when I accompanied her to the cellular phone store to pick out a new phone I was floored when I heard her talking about 4G with the sales guy. I’ve been in marketing for 20 years and, for most of that time, involved in high tech, complex sales marketing. We spend a lot of time and effort trying to simplify our marketing messages: elevator pitches, unique selling propositions, user scenarios, personas, sales decks, and PR briefing kits all designed to be concise and focus on pain-based messaging.

Why Does My Wife Know About 4G?