McGraw Asks Who’s in Charge of Medical Device Security

by Cigital on Monday, December 1, 2014

In his latest SearchSecurity article, Gary McGraw discusses medical device risks that run deeper than patient data, including patient safety risk and, in the worst cases, death, which can result from the corruption of devices used to preserve patient life. All of these risks around medical devices are caused by the simple fact that… Read More

Software security podcast library

by Cigital on Wednesday, September 17, 2014

Teaming up with SearchSecurity.com, Gary McGraw releases the 102nd monthly Silver Bullet software security podcast. On this episode Gary chats with Richard Danzig, one-time Secretary of the Navy and Board member of the Center for New American Security (among several other things). Gary and Richard discuss Richard’s time at the Department of Defense, what… Read More

McGraw on the IEEE Center for Secure Design

by Cigital on Tuesday, August 26, 2014

This year, the IEEE created the CSD to unite the top security individuals in order to discuss the biggest problems in secure design. Gary McGraw explains the mission behind the center, the top flaws in design today, and how the IEEE’s newest addition plans to attack them. To read Gary’s full story visit http://searchsecurity.techtarget.com/opinion/McGraw-on-the-IEEE-Center-for-Secure-Design. If… Read More

Security is front and center for developers

by Cigital on Tuesday, July 29, 2014

Given the recent number of high-profile vulnerabilities like Heartbleed, many organizations are taking a critical look at their application security programs to determine if what they are doing is enough. The reality is many firms stick with traditional security practices incapable of finding deeper or complex issues. A fundamental way organizations can improve their… Read More

The scary truth about data security with wearables

by Cigital on Wednesday, July 9, 2014

Data brokers collect data from numerous sources for everyone in the US. It is alarming how much data is collected and the potential for security breaches, particularly from wearable devices. Recently, our Paco Hope shared his thoughts on wearable security with Teena Hammond of TechRepublic. Article excerpt: Paco Hope, principal consultant at Cigital, said that… Read More

Cigital Sponsors Cyberjutsu Girls Academy Graduation

by Cigital on Tuesday, June 17, 2014

Do you know someone that has created a piano from fruits and vegetables? Or built a game controller from Play-doh, instead of buying one from the store? I do. Thanks to the Cyberjutsu Girl’s* Graduation, an event sponsored by Cigital, I spent a Saturday with an extraordinary set of 9-16 year old girls who created… Read More

McGraw on assessing medical devices: Security in a new domain

by Cigital on Thursday, June 12, 2014

In his June SearchSecurity article, Gary McGraw and Chandu Ketkar discuss their experiences within the medical industry, including the need for holistic analysis, the common problems found in medical device assessment, and an overall take on what’s next in healthcare security. Common findings from real medical device assessments include: Class 2 medical devices, including monitors… Read More

TweetDeck Goes Down Due to XSS

by Cigital on Wednesday, June 11, 2014

Earlier today a 19-year-old Austrian programmer realized that using “&hearts;” makes a “♥” symbol in HTML, the markup language used on the web. This discovery made it possible to insert program commands via tweet. A security flaw in TweetDeck made it possible for tens of thousands of TweetDeck users to unwittingly send a line of code… Read More

Join Cigital for comprehensive training and engaging talks at AppSec Europe

by Cigital on Monday, June 2, 2014

Not only will we be exhibiting at OWASP AppSec Europe this month, but members of our team will also be conducting two days of training and delivering two talks during the conference. Visit the AppSec EU website to learn more about the agenda and use registration code EU10_CGTL to save an additional £60 (for members) or £54 (non-members) on your registration fee. We look… Read More

McGraw on Heartbleed shock and awe: What are the real lessons?

by Cigital on Wednesday, April 30, 2014

For his monthly article in SearchSecurity.com, Gary McGraw, along with special guest Aaron Bedra, explains the notorious bug, Heartbleed. They aim to provide insight on how to correct issues within the rest of OpenSSL code, and other source projects that can take advantage of the software security activities and practices of BSIMM. A quick… Read More
