The Split Views on the 30-Day Data Breach Law

by Cigital on Wednesday, January 14, 2015

This week there has been much conversation around President Obama’s proposed law calling for organizations to publicly disclose breaches within a 30-day window. With 47 different laws on the books, this would provide uniformity across the states and give organizations clarity about what they must do regardless of their or their customers’ locations. Recent…

ADT Magazine: 2015 App Security Predictions and Opinions

by Cigital on Wednesday, January 14, 2015

For the second part of John K. Walters’ “2015 Enterprise Dev Predictions on Convergence, Security, Automation and Analytics” article series, Cigital CTO Gary McGraw informs the IT industry that “even if we got rid of all of the bug problems and all the coding errors, we would still only be solving half the app security…

McGraw Asks Who’s in Charge of Medical Device Security

by Cigital on Monday, December 1, 2014

In his latest SearchSecurity article, Gary McGraw discusses the risks behind medical devices that go deeper than patient data, including patient safety risk and, in the worst cases, death, which can result from the corruption of devices used to preserve patient life. All of these risks around medical devices are caused by the simple fact that…

Software security podcast library

by Cigital on Wednesday, September 17, 2014

Teaming up with, Gary McGraw releases the 102nd monthly Silver Bullet software security podcast. On this episode Gary chats with Richard Danzig, one-time Secretary of the Navy and Board member of the Center for a New American Security (among several other things). Gary and Richard discuss Richard’s time at the Department of Defense, what…

McGraw on the IEEE Center for Secure Design

by Cigital on Tuesday, August 26, 2014

This year, the IEEE created the Center for Secure Design (CSD) to unite top security individuals in order to discuss the biggest problems in secure design. Gary McGraw explains the mission behind the center, the top design flaws today, and how the IEEE’s newest addition plans to attack them. To read Gary’s full story visit If…

Security is front and center for developers

by Cigital on Tuesday, July 29, 2014

Given the recent number of high-profile vulnerabilities like Heartbleed, many organizations are taking a critical look at their application security programs to determine whether what they are doing is enough. The reality is that many firms stick with traditional security practices incapable of finding deeper or more complex issues. A fundamental way organizations can improve their…

The scary truth about data security with wearables

by Cigital on Wednesday, July 9, 2014

Data brokers collect data from numerous sources for everyone in the US. It is alarming how much data is collected and the potential for security breaches, particularly from wearable devices. Recently our Paco Hope shared his thoughts on wearable security with Teena Hammond of TechRepublic. Article excerpt: Paco Hope, principal consultant at Cigital, said that…

Cigital Sponsors Cyberjutsu Girls Academy Graduation

by Cigital on Tuesday, June 17, 2014

Do you know someone that has created a piano from fruits and vegetables? Or built a game controller from Play-doh, instead of buying one from the store? I do. Thanks to the Cyberjutsu Girl’s* Graduation, an event sponsored by Cigital, I spent a Saturday with an extraordinary set of 9-16 year old girls who created…

McGraw on assessing medical devices: Security in a new domain

by Cigital on Thursday, June 12, 2014

In his June SearchSecurity article, Gary McGraw and Chandu Ketkar discuss their experiences within the medical industry, including the need for holistic analysis, the common problems found in medical device assessment, and an overall take on what’s next in healthcare security. Common findings from real medical device assessments include: Class 2 medical devices, including monitors…

TweetDeck Goes Down Due to XSS

by Cigital on Wednesday, June 11, 2014

Earlier today a 19-year-old Austrian programmer realized that using “&hearts;” produces a “♥” symbol in HTML, the markup language used on the web. This discovery made it possible to insert program commands via tweet. A security flaw in TweetDeck made it possible for tens of thousands of TweetDeck users to unwittingly send a line of code…
