Tag: NIST

The US National Institutes of Standards and Technology recently asked for comments on a new framework for secure software development. Called Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF) this framework seeks to aid developers by providing a somewhat universal framework for secure software development. What this framework doesn’t […]

Last week I wrote that compliance and complacency are major challenges in the cloud. Yes, defensive technology is the same. However, the cloud poses some specific threats. Multitenancy Multitenancy scares people the most. You share cloud infrastructure with other customers. Your cloud services are running on virtual machines. Those VMs run on shared hardware. You […]

NIST, the US National Institute of Standards and Technology, released a report last December, “Dramatically Reducing Software Vulnerabilities.” It has multiple useful and interesting ideas for improving vulnerabilities in software. I want to highlight two that I felt were most important. 1. Education There is no technological substitute for developer discipline. Education is not just […]

In the News Reporters and pundits alike in the US news media have been discussing data and device destruction recently. In particular, they’ve been discussing data destruction with, for example, BleachBit, and device destruction with a sledgehammer. I have not heard any of them discuss the rules NIST (the National Institute of Standards and Technology) […]

The field of cybersecurity is filled with frequent dire warnings. Software vulnerabilities are discovered, accidents in design and implementation. Attack trends are detected, from criminals, foreign militaries, and pranksters. But a recent pair of announcements took an unusual new form. One of the most respected commercial names in cybersecurity warned its customers to stop using […]