Tag: heartbleed bug

CAST-heartbleed-linked-to-poor-code-qualityYou’d think that after news of the Heartbleed bug broke, every IT organization worth their salt would have immediately moved to start monitoring their structural robustness and code quality to protect their sensitive consumer data. And while many did, two months after Heartbleed was announced, more than 300,000 servers were still vulnerable.

Now, three months later, CAST Research Labs has found there is a direct link between the growing number of data breaches and security incidents, and poor code quality in consumer applications. The data reveals finance and retail industry applications are the most vulnerable to data breaches, with 70 percent of retail and 69 percent of financial services applications shown to have data input validation violations.

CAST Research Links Consumer Data Breaches Directly To Poor Code Quality
Securing open source - Lev Lesokhin spoke with CSO Online about how large IT organizations can secure their business critical applications from known vulnerabilities and shoddy software quality. Be sure to check...
Software Quality: The Problem with Ignoring the Open Source Quality

In a merger, integrating company names is hard enough -- imagine having to integrate massive application portfolios?

As the Justice Department and the FCC evaluate the proposed merger between corporate behemoths Time Warner Cable and Comcast, I wonder if the C-suite at both companies are investing as much time evaluating the health and security of one another’s application portfolio. Historically, technical due diligence has lagged greatly behind the financial due diligence.

ComTimeCastWarner: An Application Portfolio Management Nightmare

On April 7, the IT industry was rocked when it was announced that over 60 percent of the Internet -- even secure SSL connections -- were vulnerable to attack due to a new weakness codenamed Heartbleed. The weakness lives in the OpenSSL cryptographic software library, which encrypts sessions between consumer devices and websites. It’s usually referred to as the “heartbeat” since it pings messages back and forth. Hence the name of the bug.

The Heartbleed bug: how 7 missing lines of code impacted over two thirds of the Internet
The data reveals finance and retail industry applications are the most vulnerable to data breaches, with 70 percent of retail and 69 percent of financial services applications shown to have data input validation violations.

  • Software Quality: The Problem with Ignoring the Open Source Quality

    Securing open source - Lev Lesokhin spoke with CSO Online about how large IT organizations can secure their business critical applications from known vulnerabilities and shoddy software quality. Be sure to check...
  • ComTimeCastWarner: An Application Portfolio Management Nightmare

    In a merger, integrating company names is hard enough -- imagine having to integrate massive application portfolios?

    As the Justice Department and the FCC evaluate the proposed merger between corporate behemoths Time Warner Cable and Comcast, I wonder if the C-suite at both companies are investing as much time evaluating the health and security of one another’s application portfolio. Historically, technical due diligence has lagged greatly behind the financial due diligence.

  • The Heartbleed bug: how 7 missing lines of code impacted over two thirds of the Internet

    On April 7, the IT industry was rocked when it was announced that over 60 percent of the Internet -- even secure SSL connections -- were vulnerable to attack due to a new weakness codenamed Heartbleed. The weakness lives in the OpenSSL cryptographic software library, which encrypts sessions between consumer devices and websites. It’s usually referred to as the “heartbeat” since it pings messages back and forth. Hence the name of the bug.

  • -->