Channel: Veracode Blog » Compliance
Browsing all 15 articles

TJX Data Theft Just Keeps Getting Worse

TJX issued a press release yesterday coming clean on what they know about the breach of their corporate network. They are now admitting that they have been compromised as early as July 2005 and...

PCI as a Law?

Identity theft and the huge TJX breach have brought information technology and security to the forefront and now the states of Texas and Massachusetts are contemplating bills that would hold...

PCI Extends Its Reach to Application Security

Earlier this week, I attended the first PCI Community Meeting in Toronto, a gathering organized by the PCI Security Standards Council to bring QSAs, ASVs, and other PCI stakeholders together in one...

WAF Better Than Code Review? Not Really.

I was just reading an article discussing the timeframe for upcoming revisions to the PCI-DSS. Nothing quite so exciting as reading about a compliance roadmap, right? This article reminded us about PCI...

Windows Is Critical Infrastructure? You Betcha!

Should Microsoft’s Windows operating system be considered critical infrastructure? The answer seems so obvious as to beg the question of why we even ask. But, in the wake of President Obama’s recent...

O Budget Where Art Thou? Getting Application Security Funded With BSIMM

The first hurdle to running any successful Application Security program is getting it adequately funded. This should come as no great surprise to anyone. Software security is no different than any...

Food for Thought: Mobile Application Security & HIPAA

As a pentester, it’s always a different story when we are the ones writing the report. Being on the receiving end is stressful, even more so when you throw compliance into the mix. I figured since I...

Lawsuits, Regulations and Third-Party Security

Every year the world seems to grow a little more regulated – and punitive. We’re now seeing banks suing retailers and compliance management firms over PCI assessments. And the recent breach in...

Software Security: At the Front Line of Data Protection

A report released in the UK this week highlighted nicely the link between software security and data protection, a very hot topic this side of the pond in the midst of EU regulation reform and...

NIST Updates Guidance On Securing Software Supply Chains

An updated guide on risk management practices recommends that companies pay more attention to the security of their software supply chain. A draft release of an updated risk management guide from the...

Why Did the Chicken Cross the Road? To Get Its 3rd-Party Applications Secured!

In the revisions to PCI DSS, now on version 3.0, the PCI Security Council added a note to Requirement 6.3, extending the secure software development mandate to include all custom, third-party developed...

Are You Trustworthy? UK Outlines Third-Party Software Security Specifications...

I may be one of the few people that gets excited about regulations, controls, and guidance. But I suspect that there are many cyber security leaders that are excited and encouraged by the newly...

First Prioritize, Then Patch: Yes, Another Blog on PCI 3.0

Your scan results may have you feeling a bit overwhelmed but our actionable data and sorting can help streamline your remediation efforts! In November’s update to PCI DSS, now on version 3.0, you may...

Med Tech’s Promiscuity Problem

A roundtable discussion of medical device security finds that innovation in the connected health space is outstripping security. And the problem will get worse before it gets better. Physicians are...

PCI Compliance & Secure Coding: Implementing Best Practices from the Beginning

Is your SDLC process built on a shaky foundation? A lot of the revisions to PCI DSS point toward the realization that security must be built into the development process. The foundation that ultimately...
