Podcast: Play in new window | Download (27.5MB)Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | RSS | https://www.securityledger.com/subscribeWhat makes a good CSO? In the wake of the Equifax breach, we talk about the controversy over that company’s CSO’s music degree. Also: we talk with Signal Sciences about why companies keep getting hacked via application vulnerabilities like the Apache Struts hole that felled Equifax.
In-brief: Beset by a plunging share price, class action lawsuits in dozens of states, pending Congressional hearings and a FTC investigation, Equifax on Wednesday finally settled speculation and named a six month old hole in a common software platform, Apache Struts, as the cause of a massive hack.
In-brief: The FDA as approved a software update to software security holes in pacemakers made by Abbott. But doctors and patients will have to weigh the risks of apply the patch.
In-brief: ARM’s purchase of Simulity adds the ability to do over the air updates to embedded SIM chips and highlights ARM’s efforts to build out security and management at IoT scale.
In-brief: more than three years after it was first discovered, the Heartbleed vulnerability in OpenSSL continues to plague organizations worldwide. Why has it been so hard to fix? In this Industry Perspective, Patrick Carey of the firm Black Duck talks about some of the complicating factors that make vulnerabilities like Heartbleed so hard to eradicate.