The cost upsides of writing code that's as free from bugs as possible has long been known, says Veracode's Chris Wysopal, but bugs continue to plague production code. Thanks to the rise of agile programming, however, there are new opportunities to eradicate flaws during development.
Dan Holden, a cybersecurity researcher and technologist, has just taken on the new role of CTO and intelligence director at the Retail Cyber Intelligence Sharing Center. What top challenges is he addressing?
Art Coviello, retired chair of RSA, discusses the state of cybersecurity in 2017, including the threats - and threat actors - of greatest concern and the emerging security technologies that encourage him the most.
Gartner's Avivah Litan is just back from a trip to Israel, and she's particularly enthusiastic about the new topic of "offensive defense." What is the concept, and what security controls does it require?
SecureWorks has released its new Cybersecurity Threat Insights Report, and Matt Eberhart, vice president, says the key takeaways are about automation, orchestrations and the evolution of the security operations center.
A discussion on how the understanding of epidemiology, immunology and genetic research processes can help developers create methods to secure information systems leads the latest episode of the ISMG Security Report. Also featured: insights on strengthening ATM defenses.
As ransomware attacks continue to plague organizations in healthcare and other sectors, Maryland is considering legislation specifically identifying ransomware attacks as a crime punishable with prison sentences. California and Wyoming are among the states that have enacted somewhat similar legislation.
A large malware campaign first discovered in Poland may have affected financial institutions in 31 countries. Technical clues point toward the Lazarus group, believed to be linked to North Korea, which used the Sundown exploit kit, researchers say. But attributing cyberattacks is tricky.
At this year's RSA Conference, we have about 35 videos on the docket. And truly we're talking about the A-Z of information security thought leaders, from CrowdStrike co-founder Dmitri Alperovitch to ZixCorp CEO David Wagner, with a stop in the middle to discuss homeland security with U.S. Rep. Michael McCaul.
When it comes to health data privacy and security issues, industry experts aren't sure what to expect from Tom Price, M.D., the newly confirmed secretary of the Department of Health and Human Services. But they offer a wish list of what they hope will happen.
New Zealand's privacy commissioner is recommending new civil penalties against companies of up to NZ$1 million (US$718,000) for a "serious" data breach in light of sterner penalties adopted by Australia and the European Union.
Russian police have arrested more suspected members of a cybercrime gang that used "Lurk" malware to steal nearly $30 million from Russian banks. Separately, a lead cybersecurity investigator's arrest on treason charges appears to be chilling cross-border cooperation.
For too long, ensuring that code is securely written - and bug free - has been a business afterthought. But there's been new hope for building security into the development lifecycle, thanks to the rise of DevOps, aka rugged software, says Chris Wysopal, CTO of the application security firm Veracode.