SEARCH RESULTS
 
Showing 1-10 of 598 records
 
Applying SDL Principles to Legacy Code

2008-10-27 17:24:00 by sdl in The Security Development Lifecycle
 
...code poses a unique challenge for organizations rolling out a new security process. Often, the resources dedicated to maintaining older code are a small fraction of those devoted to new features or products. Furthermore, the original developers for such features have often moved on, leaving no subject matter experts to drive reviews. The...
 
 
 
 
 
The cost of a code signing certificate

2008-01-17 07:31:00 by Keith Brown in Security Briefs
...code signing certificates aren't cheap. If you look at the major vendors like VeriSign and Thawte, you'll find they charge between $500 and $300 for a cert that's valid for a year Scott commented that you can get cheap code-signing certs, as Jon Robbins points out. 80 bucks sounds like quite a deal, but a quick look at Jon's post reveals...
 
 
 
 
 
New Banking Code shifts more liability to customers

2008-04-09 14:08:49 by Steven J. Murdoch in Light Blue Touchpaper
 
...Code, the voluntary consumer-protection standard for UK banks, was released last week. The new code claims to give customers the most up to date information on how to protect their accounts from fraud. This sounds like a worthy cause, but closer inspection shows customers could be worse off than they were before Clause 12.11 of the code...
 
 
 
 
 
Can I just comment out these lines of code?

2008-05-23 10:53:20 by Burton Group in Security and Risk Management Strategies Blog
 
...code, which was generating error messages in a certain software quality assurance tool, happened to be a critical part of the random number generator in a cryptographic library package. By removing this code, the strength of the cryptographic key material was reduced to a point where cracking the key would take minutes instead of decades....
 
 
 
 
 
Advisory: CiscoWorks Arbitrary Code Execution Vulnerability

2008-05-29 01:56:52 by Dave Lewis in Liquidmatrix Security Digest
 
...Code Execution Vulnerability Release Date: 28 May 2008 Reference: LSD003-2008 Discover: Dave Lewis CVE Number: CVE-2008-2054 Vendor: Cisco Systems Systems Affected: CiscoWorks Common Services (various versions): Cisco Unified Operations Manager (CUOM), Cisco Unified Service Monitor (CUSM), CiscoWorks QoS Policy Manager (QPM), CiscoWorks LAN...
 
 
 
 
 
Will Code Malware for Financial Incentives

2008-11-18 13:57:55 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...code the malware or the tool for any price above 100 euro based on what he perceives as features included within worth the price Proposition 2 Starting price for my malware is 250 EUR. Additional modules like P2P features, source code for a particular module go for an additional 50 EUR. If you're paying in another currency the price is 200...
 
 
 
 
 
We can't write secure code

2008-05-16 07:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...code or developing better testing tools. We need to get things right much earlier in the development process." It's a subject I've been harping on about for some time, with many references to excellent resources such as OWASP, and great leaders on the subject such as Mark Curphey. Over the last few years I've heard many solutions proposed...
 
 
 
 
 
Safari & IE Attack Code Released

2008-06-11 01:59:04 by Dave Lewis in Liquidmatrix Security Digest
 
...code for the latest Safari problem was released on Sunday From Network World A hacker has posted attack code that exploits critical flaws in the Safari and Internet Explorer Web browsers The source code, along with a demo of the attack, was posted Sunday on a computer security blog. It can be used to run unauthorized software on a victims...
 
 
 
 
 
Feature Request #1: Stable Code