NIST Wants Comments on Secure Software Development
Oct 15, 2019
The US National Institute of Standards and Technology recently asked for comments on a new framework for secure software development. Called “Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF),” this framework seeks to aid developers by providing a somewhat universal framework for secure software development. What this framework doesn’t […]
What Cybersecurity Threats Do We Face In The Cloud?
Oct 31, 2018
Last week I wrote that compliance and complacency are major challenges in the cloud. Yes, defensive technology is the same. However, the cloud poses some specific threats. Multitenancy: Multitenancy scares people the most. You share cloud infrastructure with other customers. Your cloud services are running on virtual machines. Those VMs run on shared hardware. You […]
Tools for Reducing Software Vulnerabilities
Aug 17, 2017
NIST, the US National Institute of Standards and Technology, released a report last December, “Dramatically Reducing Software Vulnerabilities.” It has multiple useful and interesting ideas for reducing vulnerabilities in software. I want to highlight two that I felt were most important. 1. Education: There is no technological substitute for developer discipline. Education is not just […]
Guidelines for Destroying Data and Devices
Sep 19, 2016
In the News: Reporters and pundits alike in the US news media have been discussing data and device destruction recently. In particular, they’ve been discussing data destruction with, for example, BleachBit, and device destruction with a sledgehammer. I have not heard any of them discuss the rules NIST (the National Institute of Standards and Technology) […]
Take Their Advice: Disregard Their Earlier Advice!
Oct 7, 2013
The field of cybersecurity is filled with frequent dire warnings. Software vulnerabilities are discovered, accidents in design and implementation. Attack trends are detected, from criminals, foreign militaries, and pranksters. But a recent pair of announcements took an unusual new form. One of the most respected commercial names in cybersecurity warned its customers to stop using […]