Smaller open source projects tend to be more secure than proprietary applications, but the opposite is the case for software with more than a million lines of code, according to a new report from Coverity.
While some best practices such as software security training are effective in getting developers to write secure code, following best practices does not necessarily lead to better security, WhiteHat Security found.
In a recent survey, 58% percent of respondents said that the top benefit of real-time Web development was security, but at the same time 67% of the same group listed it as the top concern in their development planning.
Today’s businesses must be able to rapidly adapt to changing market conditions – to support a new venture, merger/acquisition, etc. As business needs change, so too must the underlying security policies.
There is a term currently permeating the security industry that distracts everyone from the larger goals at hand of making networks safer, mitigating threats and protecting critical data. The term is hype.
If I have to sit through another presentation on information security that opens with the canned two or three slides peddling FUD, I’m going to launch myself across the table and unleash my own brand of FUD on the speaker. It’s not the bad guys who are winning, it’s the alarmists.
Immunity Inc. CEO and veteran hacker Dave Aitel talks about his early days in the security space, his argument against security awareness training, why Chris Soghoian is wrong on the exploit sale controversy and his own Brazilian Jiu-Jitsu game tactics.
Application vulnerabilities are a prime vector for attacks. But one aspect of securing enterprise applications often overlooked and almost always poorly handled in organizations, is securing application connectivity!