Why Open Source Software Isn't as Secure as You Think
One problem facing many open source projects - and the reason it's hard to blame Seggelemann or the rest of the OpenSSL team - is that carrying out a rigorous code security review is immensely time consuming and requires a high level of skill. That means it's very expensive. This is illustrated by another open source project: The TrueCrypt encryption program. The code has been open to anyone who cares to look at it since the project started 10 years ago - but it's only very recently, following fundraising campaigns on Indiegogo and Fundfill that yielded $60,000, that the code has undergone a proper security audit.
Three best practices for reducing the risk of SQL injection attacks
Structured Query Language is flawed because of the way it was architected. It can be fooled into trying to interpret data as an instruction. On the other hand, there’s a lot of capability in SQL that makes it attractive to developers, especially for web applications. Since the consequences of SQL injection attacks can be so damaging, I asked Michael Sabo of DB Networks about best practices that companies can follow in order to reduce their risk of this threat. Sabo says there’s no silver bullet, but he does have some advice. “Often you will hear, ‘if you just do this, or just do that, the problem will go away’,” says Sabo.
9 Mobile Apps To Get You Fit
"Mobile technology is truly revolutionizing the future of healthcare, and mobile apps in particular have played an important role in improving communication between physicians and patients, increasing adherence to medical prescriptions, helping patients locate good doctors and pharmacies, and encouraging preventative measures," says Jeff Holleran, senior director of Enterprise Product Strategy at BlackBerry. "Both doctors and patients are finding that mobile apps can provide a fast and efficient way to stay in touch and exchange information. Providers are leveraging apps so that they can respond quicker and share data faster. On the consumer side, mobile apps are growing in popularity as people become increasingly more conscious about their health and well-being."
How M2M Network Connectivity Is Driving the Growth of Industries
The advantages of the Internet of Things are obvious of course; smart connected devices that share data and make information always available to make informed decisions. M2M connectivity can best be described as devices that are capable of communicating with each other, without the need for human interaction. Global M2M applications include smart CCTV cameras, vehicle tracking, self-driving cars, secure ATM’s, smart energy metering, patient monitoring and many more possible applications. This infographic shows a few of these applications from telematics to utilities monitoring thanks to sensors.
Quality Is Not An Accident!
As quality continues to evolve, the question becomes, “how do we shift the ‘definition’ of quality to reflect quality leadership?” If we refer to Deming’s quality methods, there are some clear indicators as to how we can connect quality principles to leadership principles. ... Just as TQM is timeless and applicable to all organizations, so is quality in leadership. Bear in mind, true quality of any sort takes time, commitment, focus and work - Quality Is Not An Accident! Despite the commitment, if you do the hard work, the results are huge, and multiply exponentially over time. Quality (as a whole) works – like a secret weapon – increasing your odds of achieving sustainable success.
Google Wants To Collect Your Health Data With 'Google Fit'
Google Fit will aggregate data through open APIs, instruction sets that allow apps to share information, and will also announce partnerships with wearable device makers at its I/O conference,Forbes understands. One source with knowledge of Google’s plans said Google Fit would allow a wearable device that measures data like steps or heart rate to interface with Google’s cloud-based services, and become part of the Google Fit ecosystem. Google could not be reached for comment at the time of writing. It’s unclear if Google Fit will be a service build into the next version of Android, or a standalone app that Android users will be able to download independently.
Scaling the data mountain
Faced with ever increasing volumes of data and demand for storage, it’s simple for an organisation to spin up yet another virtual machine, and add or expand a disk to store even more data. Ultimately, however with data growth outstripping IT budget growth, a reactive approach isn’t sustainable and at some point financial considerations will force a more sophisticated response. It’s therefore essential that IT teams take a holistic view, considering solutions that will enable them to gain greater value from their information, and in parallel, avoid risks arising from regulatory compliance and legal claims
FCC to push network providers on cybersecurity
"The FCC cannot abdicate its responsibilities simply because the threats to national security and life and safety have begun to arrive via new technologies," he said. "If a call for help doesn't go through, if an emergency alert is hijacked, if our core network infrastructure goes down, are we really going to say, 'Well, that threat came through packet-switched IP-based networks, not circuit-switched telephony, so it's not our job?'" The FCC will push operators of U.S. communications networks to adopt cybersecurity best practices developed by the FCC's advisory committee, the Communications, Security, Reliability and Interoperability Council [CSRIC], Wheeler said.
Threat intelligence versus risk: How much cybersecurity is enough?
While threat intelligence is the foundational piece of risk assessment at Equinix, the use of intelligence data in the security industry is often ad hoc. "It has either plateaued or actually decreased," said Do. "There are always two sides of the spectrum," he continued. "The companies that are very good at doing SIEM [security information and event management] and all of these intelligence pieces so that the more intelligence or data points that they've added to their infrastructure, the smarter they become." But the majority of the security teams don't do that. "They are either mired in compliance checkboxes or chasing down shadow IT services.
The Risks and Responsibilities of Tech Innovation
Companies cannot proudly take ownership for the positive impacts of their products while distancing themselves from harms. Companies should acknowledge that there may be risks to using their products in plain English (and Spanish, French, German, Arabic, Mandarin, and any other language necessary) — while making it clear that they will be proactive in assessing and mitigating those risks. ... Companies should allow for the ability to push out software updates to make their products safer once the risks become clearer. There are plenty of safe driving apps for cell phones, which might offer a precedent for Google to follow.
Quote for the day:
"Making the simple complicated is commonplace; making the complicated simple, awesomely simple, that's creative." -- Charles Mingus
One problem facing many open source projects - and the reason it's hard to blame Seggelemann or the rest of the OpenSSL team - is that carrying out a rigorous code security review is immensely time consuming and requires a high level of skill. That means it's very expensive. This is illustrated by another open source project: The TrueCrypt encryption program. The code has been open to anyone who cares to look at it since the project started 10 years ago - but it's only very recently, following fundraising campaigns on Indiegogo and Fundfill that yielded $60,000, that the code has undergone a proper security audit.
Structured Query Language is flawed because of the way it was architected. It can be fooled into trying to interpret data as an instruction. On the other hand, there’s a lot of capability in SQL that makes it attractive to developers, especially for web applications. Since the consequences of SQL injection attacks can be so damaging, I asked Michael Sabo of DB Networks about best practices that companies can follow in order to reduce their risk of this threat. Sabo says there’s no silver bullet, but he does have some advice. “Often you will hear, ‘if you just do this, or just do that, the problem will go away’,” says Sabo.
9 Mobile Apps To Get You Fit
"Mobile technology is truly revolutionizing the future of healthcare, and mobile apps in particular have played an important role in improving communication between physicians and patients, increasing adherence to medical prescriptions, helping patients locate good doctors and pharmacies, and encouraging preventative measures," says Jeff Holleran, senior director of Enterprise Product Strategy at BlackBerry. "Both doctors and patients are finding that mobile apps can provide a fast and efficient way to stay in touch and exchange information. Providers are leveraging apps so that they can respond quicker and share data faster. On the consumer side, mobile apps are growing in popularity as people become increasingly more conscious about their health and well-being."
How M2M Network Connectivity Is Driving the Growth of Industries
The advantages of the Internet of Things are obvious of course; smart connected devices that share data and make information always available to make informed decisions. M2M connectivity can best be described as devices that are capable of communicating with each other, without the need for human interaction. Global M2M applications include smart CCTV cameras, vehicle tracking, self-driving cars, secure ATM’s, smart energy metering, patient monitoring and many more possible applications. This infographic shows a few of these applications from telematics to utilities monitoring thanks to sensors.
Quality Is Not An Accident!
As quality continues to evolve, the question becomes, “how do we shift the ‘definition’ of quality to reflect quality leadership?” If we refer to Deming’s quality methods, there are some clear indicators as to how we can connect quality principles to leadership principles. ... Just as TQM is timeless and applicable to all organizations, so is quality in leadership. Bear in mind, true quality of any sort takes time, commitment, focus and work - Quality Is Not An Accident! Despite the commitment, if you do the hard work, the results are huge, and multiply exponentially over time. Quality (as a whole) works – like a secret weapon – increasing your odds of achieving sustainable success.
Google Wants To Collect Your Health Data With 'Google Fit'
Google Fit will aggregate data through open APIs, instruction sets that allow apps to share information, and will also announce partnerships with wearable device makers at its I/O conference,Forbes understands. One source with knowledge of Google’s plans said Google Fit would allow a wearable device that measures data like steps or heart rate to interface with Google’s cloud-based services, and become part of the Google Fit ecosystem. Google could not be reached for comment at the time of writing. It’s unclear if Google Fit will be a service build into the next version of Android, or a standalone app that Android users will be able to download independently.
Scaling the data mountain
Faced with ever increasing volumes of data and demand for storage, it’s simple for an organisation to spin up yet another virtual machine, and add or expand a disk to store even more data. Ultimately, however with data growth outstripping IT budget growth, a reactive approach isn’t sustainable and at some point financial considerations will force a more sophisticated response. It’s therefore essential that IT teams take a holistic view, considering solutions that will enable them to gain greater value from their information, and in parallel, avoid risks arising from regulatory compliance and legal claims
FCC to push network providers on cybersecurity
"The FCC cannot abdicate its responsibilities simply because the threats to national security and life and safety have begun to arrive via new technologies," he said. "If a call for help doesn't go through, if an emergency alert is hijacked, if our core network infrastructure goes down, are we really going to say, 'Well, that threat came through packet-switched IP-based networks, not circuit-switched telephony, so it's not our job?'" The FCC will push operators of U.S. communications networks to adopt cybersecurity best practices developed by the FCC's advisory committee, the Communications, Security, Reliability and Interoperability Council [CSRIC], Wheeler said.
Threat intelligence versus risk: How much cybersecurity is enough?
While threat intelligence is the foundational piece of risk assessment at Equinix, the use of intelligence data in the security industry is often ad hoc. "It has either plateaued or actually decreased," said Do. "There are always two sides of the spectrum," he continued. "The companies that are very good at doing SIEM [security information and event management] and all of these intelligence pieces so that the more intelligence or data points that they've added to their infrastructure, the smarter they become." But the majority of the security teams don't do that. "They are either mired in compliance checkboxes or chasing down shadow IT services.
The Risks and Responsibilities of Tech Innovation
Companies cannot proudly take ownership for the positive impacts of their products while distancing themselves from harms. Companies should acknowledge that there may be risks to using their products in plain English (and Spanish, French, German, Arabic, Mandarin, and any other language necessary) — while making it clear that they will be proactive in assessing and mitigating those risks. ... Companies should allow for the ability to push out software updates to make their products safer once the risks become clearer. There are plenty of safe driving apps for cell phones, which might offer a precedent for Google to follow.
Quote for the day:
"Making the simple complicated is commonplace; making the complicated simple, awesomely simple, that's creative." -- Charles Mingus
No comments:
Post a Comment