NIST Wants Comments on Secure Software Development
The US National Institute of Standards and Technology recently asked for comments on a new framework for secure software development. Called “Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF),” this framework seeks to aid developers by providing a somewhat universal framework for secure software development. What this framework doesn’t […]
What Cybersecurity Threats Do We Face In The Cloud?
Last week I wrote that compliance and complacency are major challenges in the cloud. Yes, defensive technology is the same. However, the cloud poses some specific threats. Multitenancy Multitenancy scares people the most. You share cloud infrastructure with other customers. Your cloud services are running on virtual machines. Those VMs run on shared hardware. You […]
Tools for Reducing Software Vulnerabilities
NIST, the US National Institute of Standards and Technology, released a report last December, “Dramatically Reducing Software Vulnerabilities.” It has multiple useful and interesting ideas for reducing vulnerabilities in software. I want to highlight two that I felt were most important. 1. Education There is no technological substitute for developer discipline. Education is not just […]
Guidelines for Destroying Data and Devices
In the News Reporters and pundits alike in the US news media have been discussing data and device destruction recently. In particular, they’ve been discussing data destruction with, for example, BleachBit, and device destruction with a sledgehammer. I have not heard any of them discuss the rules NIST (the National Institute of Standards and Technology) […]
Take Their Advice: Disregard Their Earlier Advice!
The field of cybersecurity is filled with frequent dire warnings. Software vulnerabilities are discovered, accidents in design and implementation. Attack trends are detected, from criminals, foreign militaries, and pranksters. But a recent pair of announcements took an unusual new form. One of the most respected commercial names in cybersecurity warned its customers to stop using […]