In-brief: The security firm Qualys is warning of a serious and remotely exploitable vulnerability in a function of the GNU C Library (glibc) known as gethostbyname. The security hole raises more questions about dangers lurking in legacy, open source software.
Search Results for "standards"
The Skinny on IoTivity, the New, Open Source IoT Framework
In brief: The Open Interconnect Consortium (OIC) introduced a new, open source framework to connect billions of smart devices from a wide variety of vendors. But has the IoT standards horse already left the barn?
Android in the Coal Mine: Open Source, Patching and Internet of Things
In brief: Google’s decision not to patch a security hole in versions of Android used by hundreds of millions of consumers is a bad omen for the Internet of Things and will likely push some Android users to alternative versions of the operating system.
Senator Warns of DHS Struggle with Cyber Security
U.S. Senator Tom Coburn (R-OK) used his final days in office to warn that the U.S. Department of Homeland Security (DHS) is struggling to fulfill its mission to protect the nation from cyber attack. The report, “A Review of the Department of Homeland Security’s Missions and Performance,” (PDF) was released on Saturday, as the retiring Senator from Oklahoma was leaving office. In it, the outgoing Senator said that DHS’s strategy and programs “are unlikely to protect us from the adversaries that pose the greatest cybersecurity threat.” The warnings on DHS cyber operations were part of a larger critique of the Department in the report, in which Coburn called on reforms of Homeland Security focused on accountability and streamlining. Despite spending $700 million annually on a range of cybersecurity programs, Coburn said it is hard to know whether the Department’s efforts to assist the private sector in identifying, mitigating or remediating cyber […]
Are Data Lakes A Key To Securing IoT Environments? | Tripwire Blog
Mitch Thomas over at the security firm Tripwire has a good post on “architecting the security of things” that’s worth checking out. As an incumbent security vendor, Tripwire faces the same challenges and problems as other vendors who came of age securing traditional endpoints and enterprise IT environments. Among them: adapting to a nearly limitless population of new endpoints – many of them small, resource constrained embedded systems. As we’ve noted before: many of these systems aren’t capable of the kinds of interrogations (vulnerability- and malware scans just two examples) that many security tools take for granted.
