Justice League Blog
2013 was a super fast year. In major Cigital highlights, we raised some money and cleaned up our cap table. We launched BSIMM-V. We hosted two BSIMM Community Conferences, one in London for the EU types in March and another in Virginia in November. And while we did all of that, Cigital grew over 25%. Holy cow.
BSIMM-V, released today (30-10-13), describes the work of 975 software security professionals working with a development-based satellite of 1,953 people to secure the software developed by 272,358 developers.
Cigital’s Bloomington Office Makes a Big Splash in the Midwest: Cloud Services for Software Security
Inside Indiana Business with Gerry Dick published a piece featuring Cigital’s rapidly expanding office in Bloomington, Indiana. We’re proud of what we have built in Indiana, and we’re looking forward to even more impressive growth. Cigital delivers many of its cloud services from Bloomington. As part of our unified approach to software security, Cigital delivers [...]
Unsurprisingly, German hackers were able to produce a fingerprint prosthetic allowing an attacker to defeat Apple’s TouchID within days of the iPhone 5S release. Media coverage abounds, as does reaction to the attack and discussion about biometrics, multi-factor authentication, and, of course, death of the PIN/password. Unfortunately, the password’s death has been reported early. None of [...]
I just gave the Zombie talk at HP Protect as a main stage keynote: I’ve been giving the Zombie talk for a couple of years now. It all started with the 2011 Cigital Technology Fair where John Wyatt informed me that I could not use “the same slides” again when presenting to the troops. “Everybody [...]
The news of massive monitoring by the NSA broken by the Guardian and The Washington Post is not surprising. The new wrinkle is just how much information is collected and stored every day by corporations whose stuff you use. The Government didn’t build this thing; Facebook did, and Google too (Microsoft wants to play too, [...]
For some time, Rafal Los (@Wh1t3Rabbit) has been asking me to discuss Threat Modeling on his podcast. We were finally able to schedule something and record. Listen to the podcast here: DtR Episode 42 – Threat Modeling w/ @m1splacedsoul. Not surprisingly, the topic is meaty and we went over the allotted time. We covered: Why threat [...]
Is mobile security the ‘same problem’ as web application security? Is it just ‘different day’? I’ve watched organizations and mobile Thought Leaders argue perspectives on this question back and forth for years. The answer is, of course: both. Mobile security inherits previous problems and solutions while bringing its own unique ones. Let’s get specific about [...]
A quick’un: When the Associated Press’s Twitter feed was hacked, a posted tweet indicated that the president was injured in an explosion. The market momentarily lost $136 billion (*). This event is instructive to security folk. Building security in requires understanding it as an emergent property (let’s avoid the often misused term “business logic flaw”). [...]
Last night in Indianapolis, I was awarded the Career Achievement Award at my alma mater Indiana University. I am honored and grateful to get this award, though I am still very much in the middle of my career! During my brief remarks, I mentioned a handful of people who have helped to inspire and mentor [...]