Security Intelligence Report v10 Released

Yesterday we released our Security Intelligence Report v10. A few highlights/lowlights from the Key Findings section: Industry vulnerability disclosure trends continue an overall trend of moderate declines since 2006. This trend is likely because of better development practices and quality control throughout the industry, which result in more secure software and fewer vulnerabilities. Vulnerability disclosures…


Security Information and Event Management – Really the Way Forward?

When we look at solutions like SIEMs (Security Information and Event Management), they follow a promising approach: you collect events from different systems and try to correlate them to figure out what is happening and to find anomalies. Actually a good idea. There are a few “howevers”, however. It definitely…


Security in Code – Learnings from Ashley Madison

It seems that the whole Ashley Madison case is used in a lot of areas as a learning exercise. We all were surprised (at least I hope) that people were stupid enough to use their business mail addresses to register – well, you cannot use your private one, can you? We – once again –…


Security in 2013 – the way forward?

Typically January is the month where we are asked to make predictions on the trends for the New Year. I do not like this as I am an engineer and not a fortune teller :-). But there are things we know and things we definitely need to drive this year. I would actually put it into…


Security Development Lifecycle: Quick References

A quick one: An interesting download location: With the SDL Quick Security References (QSR), the Security Development Lifecycle (SDL) team introduces a series of basic guidance papers designed to address common vulnerabilities from the perspective of multiple business roles – business decision maker, architect, developer, and tester/QA. These papers will help you address a critical…
