The IEEE Center for Secure Design has published a report on the Top 10 software security design flaws (and how to avoid them). When it comes to making sure software is secure, too much of the attention is focused on bugs, and not enough of the conversation is about design flaws, according to Gary McGraw, … continue reading
RethinkDB 1.14 released Version 1.14 of the RethinkDB open-source distributed JSON database has been released with more than 50 new enhancements. RethinkDB ecosystem engineer Josh Kuhn announced the release in a blog post, explaining that 1.14 is the first RethinkDB release that doesn’t require data migration. Some of the main upgrades and new features include: … continue reading
Microsoft announces DocumentDB and Azure Search-as-a-Service Microsoft has announced several services for its Azure cloud platform, including DocumentDB, a fully managed NoSQL document database service. Blog posts from Microsoft Azure product marketing director Vibhor Kapoor and Azure senior program manager Ryan CrawCour detail the new services, which in addition to the NoSQL service feature Azure … continue reading
The popular OpenSSL encryption scheme underlying much of the Web’s security protocols is finally turning a corner. With Heartbleed now well behind it, the open-source SSL/TLS security protocol released a project road map laying out its short- and long-term goals, and it has issued nine security fixes to the encryption scheme. In a Security Advisory, … continue reading
It’s a mess out there. OpenSSL was compromised. The U.S. government is in your database. Cats and dogs living together; mass hysteria! But there is a solution. You, as a software development manager, hold the keys to making sure your software is secure. You hold the keys to making sure your infrastructure is secure. You … continue reading
Even with all we know about cross-site scripting and SQL injections, these attacks on servers remain pervasive. Part of that is due to the fact that security technology (firewalls, signatures, past definitions) was not focused on these types of attacks. Another part is that developers have not embraced security as something that is their concern. … continue reading
When it was announced on June 8 that OpenSSL was vulnerable to a dangerous new attack that could reveal security certificates to an attacker, the Internet spent a few days in panic mode. Thousands, if not millions, of sites used (and still use) OpenSSL, and the fix for the problem took a few days to … continue reading
Samsung indefinitely postpones launch of Tizen-powered Samsung Z It’ll be a bit longer before we see a Samsung phone running Tizen OS. Samsung announced it is delaying sales of the Samsung Z smartphone, the company’s first device running Tizen, the rival mobile platform to Android and iOS. Samsung canceled a developer conference in Russia where … continue reading
Logs were previously the last-resort debugging tool that a developer or Ops pro turned to when a serious issue arose. They were seen as complex data streams that only the most sophisticated and knowledgeable of engineers could understand. However, today, thanks to log-management innovations like real-time analysis, parsing and event visualizations, logs are now used … continue reading
Microsoft Security Intelligence Report shows prevalence of deceptive download malware in 2013 … continue reading
Today marks a public service announcement to remind Internet users to protect their online identity … continue reading
John Podesta’s group finds Big Data is very beneficial but can also lead to discrimination and privacy breaches … continue reading
