You’ll notice some new artwork gracing The Security Ledger this week, and that’s because we’ve welcomed a new sponsor to the family: Mocana. I’d like to officially welcome them to the Security Ledger family. This is a big win for Security Ledger. Mocana will join Veracode, The Trusted Computing Group and Gemalto in underwriting The Security Ledger’s coverage of IT security news and the intersection of security with The Internet of Things (IoT). But we also win the support of a company that is all about IoT. If you haven’t already checked out Mocana, I’d urge you to do so. Launched in 2004, the company’s expertise is in securing non-traditional endpoints. Mocana’s Device Security Framework, a suite of device-resident security software that is embedded into devices during the manufacturing process. DSF is a platform that supports a wide range of security functions, both through Mocana-created security modules and support of other […]
Veracode
Insecure At Any Speed: Are Automakers Failing The Software Crash Test?
Editor’s Note: You can view the rest of my conversation about application and supply chain security, featuring Joshua Corman of Akamai and Chris Wysopal of Veracode by visiting Veracode’s web site. – PFR You’re in the market for a new car, and you’ve made a list of the features you want: a cool, tablet style interface for the audio and navigation system, side impact airbags for the front and rear compartment, a pop-up third row of seating. Heck, maybe you even want to hold out for the automatic seat temperature control that some Lexus cars now come with. While you’re at it, how about some secure software, too? That last item probably isn’t on most buyers’ check list today, but it may be soon, according to two, prominent security experts: Chris Wysopal, of Veracode, and Joshua Corman of Akamai. Speaking on Talking Code, an exclusive video hosted by The Security Ledger […]
Podcast: The Art Of Hiring Hackers
The Black Hat and DEFCON security conferences wrapped up last week in Las Vegas. Most of the media attention was (naturally) focused on the content of the presentations – including talks on the security of consumer electronics, automobiles and, of course, on the privacy implications of the recently revealed NSA surveillance program PRISM. But for the companies that pay money to send staff to these shows, the content of the talks is only one draw. Black Hat and DEFCON also serve a lesser known, but equally important role as magnets for some of the world’s top talent in obscure disciplines like reverse engineering, vulnerability research, application security analysis and more. Come August, any organization with a dog in the cyber security fight (and these days, that’s a lot of organizations) is in Las Vegas for a chance of meeting and hiring that top cyber security talent. What do companies that […]
Welcoming A New Sponsor: Gemalto
Just a note to my loyal readers that The Security Ledger is welcoming a new sponsor this week: Gemalto. If you’re not familiar with them, Gemalto NV (GTO) is a ~3B firm that makes a wide range of software for e-identity documents, chip payment cards, network authentication devices and wireless modules, as well as the software to manage confidential data and secure transactions in the telecommunications, financial services, e-government, and information technology security markets. This is an especially exciting win for The Security Ledger because Gemalto, with 10,000 employees and offices in 46 countries is a key supplier to the global Internet of Things. Products like its Protiva platform provide the foundation of trust that undergirds online person-to-machine and machine-to-machine transactions and exchanges of all kinds: on mobile devices, smart cards, medical devices, automobiles and more. We’re really excited to have Gemalto on board as a Security Ledger sponsor. Please join […]
New Search Engine Wants To Be A Google For Code
Researchers at The University of Cambridge in the UK have created a Google-like search engine that can peer inside applications, analyzing their underlying code. The search tool, named “Rendezvous,” has applications for a number of problems. It could be used to help reverse engineer potentially malicious files, copyright enforcement or to find evidence of plagiarism within applications, according to a blog post by Ross Anderson, a Professor of Security Engineering at the Laboratory. Rendezvous was unveiled in a seminar on Tuesday by Wei Ming Khoo, a doctoral student in the Security Group working at the University of Cambridge’s Computer Laboratory. The engine, which can be accessed here, allows users to submit an unknown binary, which is decompiled, parsed and compared against a library of code harvested from open source projects across the Internet. Code reuse has become a pressing security issue. The application security firm Veracode has named reused […]
