Smaller open source projects tend to be more secure than proprietary applications, but the opposite is the case for software with more than a million lines of code, according to a new report from Coverity.
The “if it works don’t touch it” mentality continues to thwart many aspects of cyber security — including information sharing. It’s also why the trust required to implement a successful Information Sharing scheme is also unlikely to blossom overnight.
In this podcast, Cylance Technical Directors Billy Rios and Terry McCorkle discuss the state of security in the ICS/SCADA world, the need for secure coding practices and whether the industry will have to rely on third-party security software.
The challenges of Java-based threats go deeper than your average 0-day vulnerability, and these challenges will likely affect your approach to controlling them. Organizations need to weigh the risk of a technology against the reward for the enterprise.
Ryan Naraine talks to Christopher Soghoian about the latest iMessage encryption brouhaha, the indifference of the telephone companies towards security and the controversial practice of buying and selling software exploits.
Immunity Inc. CEO and veteran hacker Dave Aitel talks about his early days in the security space, his argument against security awareness training, why Chris Soghoian is wrong on the exploit sale controversy and his own Brazilian Jiu-Jitsu game tactics.
In this debut episode the Security Conversations Podcast, Ryan talks to David Lenoe, Adobe's Product Security Incident Response Team (PSIRT) group manager, about the frustrations of responding to the "partial disclosure" of security vulnerabilities.
When it comes to security, you can scan for vulnerabilities all day long and even convince yourself that you know where that threat is hiding, but until you’re able to capture, correlate and contextualize it, it means nothing.