Archive for the ‘Software Security’ Category

  • Evolving, multiplying threats demand superior application security efforts

    on Nov 24, 14 • by Chris Bubinas • with No Comments

    The only way for companies to protect themselves while continuing to take advantage of application development is by embracing new, advanced security tools, such as static code analysis solutions

  • Developer buy-in key for application security

    on Nov 17, 14 • by Chris Bubinas • with No Comments

    It is very possible to maximize app development productivity without sacrificing security. The key to such success is the combination of best practices and tools with developer buy-in

  • New tools, strategies needed to deliver application development security

    on Nov 5, 14 • by Chris Bubinas • with No Comments

    Two recent reports highlighted the extent of companies' application security shortcomings, suggesting the need for revised strategies and new tools

  • Detecting command injection flaws (like Shellshock)

    on Oct 10, 14 • by Roy Sarkar • with No Comments

    In this follow-up to our last article about Shellshock, we’ll take a look at an example of a command injection flaw and see how Klocwork detects it. As a refresher, a command injection flaw is the result of improper or incorrect neutralization of elements that could modify an intended operating system command. The Shellshock flaw falls under this as Bash doesn’t neutralize string elements declared after a function statement in an environment variable declaration – in fact, it treats the elements as a real command. Finding the flaw Klocwork detects a comprehensive set of

  • Businesses that ignore open source are missing opportunities

    on Oct 6, 14 • by Chris Bubinas • with No Comments

    A recent survey found that IT professionals widely believed organizations that disregard open source will likely miss out on many opportunities, hurting their ability to compete against more technologically savvy rivals

  • Latest open source vulnerability further highlights importance of security

    on Oct 1, 14 • by Chris Bubinas • with No Comments

    Shellshock should serve as motivation for companies relying on open source to shore up their security efforts

  • Reacting to Shellshock

    on Sep 26, 14 • by Roy Sarkar • with No Comments

    The code security industry is reeling from news that a flaw in the widely-used GNU Bash shell, dubbed Shellshock, could enable attackers to hack into vulnerable systems around the world. There have already been reports of exploits seen live and industry experts are both trying to combat the problem and quantify its impact. It already has four entries in the US National Vulnerability Database, covering similar flaws found after the original one, CVE-2014-6271. Interpreting Bash While Bash (Bourne-again shell) has been adopted and installed on many computers for over twenty years, it’s not surprising that

  • Cyberattack strikes more than 1,000 US businesses

    on Sep 24, 14 • by Chris Bubinas • with No Comments

    A new malware program, known as Backoff, affected more than 1,000 American businesses, resulting in millions of incidents of stolen payment card data

  • Upcoming webinar: How to reduce automotive software development risk

    on Sep 18, 14 • by Roy Sarkar • with No Comments

    Avoiding hacks, wrecks, and recalls is the job of every automotive software development team out there … yet few know how to do it. Organizations are under increasing pressure to deliver code that’s compliant to standards, protected from security threats, and free of defects that could result in expensive recalls or loss of consumer trust. To keep pace, traditional testing methods are falling by the wayside in favor of leaner, more effective techniques that get your software verified and validated faster. Join us on Tuesday, September 30th for our “How to reduce automotive software development

  • We’re at the Data Security eConference next week

    on Sep 17, 14 • by Roy Sarkar • with No Comments

    Software security is making headlines today, whether it’s the exposure of private information or critical systems being compromised. It’s more important than ever for organizations to understand why secure code matters and how to create safer applications. To discuss important trends in cybersecurity today, we’re hosting a virtual booth at the Data Security eConference held by SC Congress 24/7 on September 23, 2014. Join our interactive exhibit to learn about techniques that organizations are using to prevent malicious attacks and ask any questions you have about making your software more secure. In addition, we’re also
