Monthly Archives: May 2014

Cheeseburger Risk: Not for the Faint of Heart


May 20, 2014 By
Derek Weeks
Cheeseburger Risk

If you had a heart attack, would you stop eating cheeseburgers? For most people, the answer is “No”. A recent survey of 1,000 survivors found that 60 percent of heart attack victims weren’t sticking to a healthy diet and about 30 percent still had high cholesterol and blood pressure. Hey, old habits (especially the tasty ones) die hard. Funny thing is, the same behavior for those who have suffered a heart attack is found in application security. If you have been breached, chances are you have not changed your security diet.

Continue reading...

On the Shoulders of Giants: Influential Books for Software Developers


May 16, 2014 By
Jamie Whitehouse
Shoulders of Giants

While there are many books I have read during my career as a software engineer, there are a handful that have been influential in my thinking. Here are my top 2 books for software developers. If you’ve read them before, you might want to read them again through the experience lens of your development career.

Continue reading...

Part 3: How Your Software Is Like a Car – Bad Parts Make for Bad Software


May 14, 2014 By
Wayne Jackson
Component Complexity

In part two of my blog ‘A Closer Look at Today’s Software Supply Chain’, I discussed why human-speed supply chain management can’t keep pace with today’s agile software development practices and why high quality software components are not simply a given. In this final segment, I will share a real world story on how thousands of organizations sourced one “bad part” named Bouncy Castle in 2013.

Continue reading...

4 Open Source Components You Need to Update Right Now


May 7, 2014 By
Brian Fox
Component Vulnerability Stats

Heartbleed has put the security community on notice: it is time to take a harder look at the security status of open source components and frameworks. After doing a little industry research on downloads from the (Maven) Central Repository, I’m sitting here with my jaw hanging open. Over 46 million Java-based open source components containing known vulnerabilities were downloaded from the Central Repository in 2013*.

Continue reading...

Are OpenId and OAuth ‘Bleeding’?


By
Ryan Berg
OpenId and OAuth

Now that Heartbleed has become the new measuring stick for vulnerability disclosures, I have had several people ask me, “Is this OpenId/Oauth thing the next Heartbleed?” The long answer, as Run DMC once said, is “It’s Tricky, Tricky, Tricky, Tricky”. The TL/DR (too long/didn’t read) answer is “No”.

Continue reading...

Like a Good Holiday, the Verizon Breach Report is Here


May 2, 2014 By
Ryan Berg
Verizon Data Breach Report

Like a good holiday the Verizon 2014 Data Breach Investigation Report (DBIR) is something I look forward to every year. Now that I’ve had some office time to digest this, I figured no better time to share my thoughts. I am not going to cover all sections, but do want to highlight a few things that stuck out to me

Continue reading...