Network Solutions “Hacked Account” Demonstrates Incompetence
When in doubt, claim the account was hacked. That appears to be the reasoning of a Network Solutions Technical Support Representative. Normally I do not write about other companies but this is an...
Negative Testing Revisited – Vehicle Control Systems (Part 2)
If I were to attribute the current issues with automobile systems to a specific cause, I would say that car and truck manufacturers have been affected by a major transition from mechanical engineering...
The Quest for Secure and Resilient Software
Secure and Resilient Software Development (CRC Press, 2010) by Mark Merkow and Laksh Raghavan is a really good book. It addresses a key security area that is generally given short shrift, even though...
The Infosec Game Has Changed – 154 Dead!
It may not be the first instance, but it is probably the incident that will change the game on software security assurance going forward. An August 20, 2010 msnbc.com article, “Malware implicated in...
Software Begat Hardware Begat Software Begat …
I happened to be browsing through some magazines at a newsstand when I came across the August 2010 issue of Scientific American and noticed that they were featuring an article by John Villasenor about...
Old Mother Hubbard and “Building Data Collection In”
Recently I listened to the webcast of a conference on the security-related data needs of researchers and how, if companies would only share the data, which they supposedly have, the academics would be...
Safe and Secure Software Systems Engineering (S4E)
As you read this, you probably will be saying to yourself, “Why would anyone waste so much time worrying about semantics?” Good question. I began thinking the same way after struggling with definitions...
It’s About Availability and Integrity (not so much Confidentiality)
I have frequently contended that the more important aspects of security are availability and integrity, not confidentiality (the old C-I-A triad should be A-I-C in order of importance). That is not to...
Software Assurance (SwA) and the Department of Defense (DoD)
On December 16, 2013 the Office of the Assistant Secretary of Defense for Research and Engineering (ASD(R&E)) issued a Request for Information (RFI) with the title “Software Assurance,” which can...
Heartbled and Shellshocked … What Can We Do?
Well, it happened again. A serious security bug was found in a piece of open-source code called Bash, which is integrated into such ubiquitous software packages as Linux, Mac OS and Apache, and...