Multiple Perspectives on Security

Security Journal



Top Stories

Analysis of 25,000 applications reveals 6.8% of packages/components used included known defects. Organizations standardizing on components between 2-3 years of age can decrease defect rates substantially. Open source and third-party packages/components live at the heart of high velocity software development organizations. Today, an average of 106 packages/components comprise 80-90% of a modern application, yet few organizations have visibility into what components are used where. Use of known defective components leads to quality and security issues within applications. While developers save tremendous amounts of time by sourcing software components from outside their organizations, they often don't have time to check those component versions against known vulnerability databases or internal policies. In Sonatype's 2016 State of the Software Supply Chain repor... (more)

Don’t Take the Impostor’s Bait | @CloudExpo #Cloud #Cybersecurity

Phishing has been around since the dawn of the internet. The term was first used in an AOL Usenet group back in 1996 but it wasn’t until 2003 when many baited hooks and lures started dropping. Popular transaction destinations like PayPal and eBay were some of the early victims of these spoofed sites asking customers to update their personal and credit card information. By 2004, it was a full-fledged ‘get rich quick scheme’ with many financial institutions – and their customers – as targets. Oxford Dictionary defines Phishing as, ‘The fraudulent practice of sending emails purpor... (more)

Enabling Trust for Healthcare IT Security | @CloudExpo #API #Cloud #Security

Enabling patient-doctor trust goes a long way in a provider's ability to provide care. Trust is also critical for enabling network connections that are safe, to help secure health networks. The healthcare industry is scrambling to shore up defenses as cyberattacks and breaches increase. The rapid adoption of electronic health records/electronic medical records (EHR/EMR) has created an attractive opportunity for cyber criminals. Ponemon Research recently reported that breach costs are $363 for each stolen healthcare record, and that is the highest across all vertical markets. He... (more)

Announcing @SecureChannels to Exhibit at @CloudExpo | #IoT #InfoSec

SYS-CON Events announced today that Secure Channels will exhibit at the 19th International Cloud Expo, which will take place on November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. The bedrock of Secure Channels Technology is a uniquely modified and enhanced process based on superencipherment. Superencipherment is the process of encrypting an already encrypted message one or more times, either using the same or a different algorithm. For more information, visit http://www.securechannels.com. @ThingsExpo - The World's Largest 'Internet of Things' Event, No... (more)

Does a CDN Protect Against DDoS Attacks? | @CloudExpo #Cloud #Security

Does a Content Delivery Network (CDN) protect against Distributed Denial of Service (DDoS) attacks? It's a good question. A CDN by its very nature will absorb DDoS attacks for the content that it serves and this could be considered protection but, as is often the case, this is only the beginning of the story. If we consider what is actually going on here, the CDN isn't actually 'blocking' the DDoS attack - it is simply reducing its impact by throwing more resources at the problem. This means that the size of the DDoS attack a CDN can deal with is inherently dependent on the size... (more)

Clash of Ops | @DevOpsSummit #BigData #APM #DevOps #Docker #Monitoring

It was a Monday. I was reading the Internet. Okay, I was skimming feeds. Anyway, I happened across a title that intrigued me, "Stateful Apps and Containers: Squaring the Circle." It had all the right buzzwords (containers) and mentioned state, a topic near and dear to this application networking-oriented gal, so I happily clicked on through. Turns out that Stateful Apps are not Stateful Apps. Seriously. To be fair, I should really say that when a devops guy talks about 'stateful apps' it is not the same thing as when a netops gal uses the term 'stateful apps.' That's because the... (more)