SEARCH RESULTS
 
Showing 1-10 of 636 records
 
Applying SDL Principles to Legacy Code

2008-10-27 17:24:00 by sdl in The Security Development Lifecycle
 
...code poses a unique challenge for organizations rolling out a new security process. Often, the resources dedicated to maintaining older code are a small fraction of those devoted to new features or products. Furthermore, the original developers for such features have often moved on, leaving no subject matter experts to drive reviews. The...
 
 
 
 
 
The cost of a code signing certificate

2008-01-17 07:31:00 by Keith Brown in Security Briefs
...code signing certificates aren't cheap. If you look at the major vendors like VeriSign and Thawte, you'll find they charge between $500 and $300 for a cert that's valid for a year. Scott commented that you can get cheap code-signing certs, as Jon Robbins points out. 80 bucks sounds like quite a deal, but a quick look at Jon's post reveals...
 
 
 
 
 
New Banking Code shifts more liability to customers

2008-04-09 14:08:49 by Steven J. Murdoch in Light Blue Touchpaper
 
...Code, the voluntary consumer-protection standard for UK banks, was released last week. The new code claims to give customers the most up to date information on how to protect their accounts from fraud. This sounds like a worthy cause, but closer inspection shows customers could be worse off than they were before. Clause 12.11 of the code...
 
 
 
 
 
Can I just comment out these lines of code?

2008-05-23 10:53:20 by Burton Group in Security and Risk Management Strategies Blog
 
...code, which was generating error messages in a certain software quality assurance tool, happened to be a critical part of the random number generator in a cryptographic library package. By removing this code, the strength of the cryptographic key material was reduced to a point where cracking the key would take minutes instead of decades....
 
 
 
 
 
Advisory: CiscoWorks Arbitrary Code Execution Vulnerability

2008-05-29 01:56:52 by Dave Lewis in Liquidmatrix Security Digest
 
...Code Execution Vulnerability Release Date: 28 May 2008 Reference: LSD003-2008 Discover: Dave Lewis CVE Number: CVE-2008-2054 Vendor: Cisco Systems Systems Affected: CiscoWorks Common Services (various versions): Cisco Unified Operations Manager (CUOM), Cisco Unified Service Monitor (CUSM), CiscoWorks QoS Policy Manager (QPM), CiscoWorks LAN...
 
 
 
 
 
Will Code Malware for Financial Incentives

2008-11-18 13:57:55 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...code the malware or the tool for any price above 100 euro based on what he perceives as features included within worth the price Proposition 2 Starting price for my malware is 250 EUR. Additional modules like P2P features, source code for a particular module go for an additional 50 EUR. If you're paying in another currency the price is 200...
 
 
 
 
 
Native Client: A Technology for Running Native Code on the Web

2008-12-08 13:21:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...code module and the host system. The inner-sandbox uses static analysis to detect security defects in untrusted x86 code. Previously, such analysis has been challenging due to such practices as self-modifying code and overlapping instructions. In our work, we disallow such practices through a set of alignment and structural rules that, when...
 
 
 
 
 