Geek-Guy.com

906 search results for "Software Development Security"

CVE-2015-1931 (enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_workstation, java_sdk, linux_enterprise_server, linux_enterprise_software_development_kit, satellite)

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows loc…

Synopsys Finds Significant Increase in Practices to Bolster Software Supply Chain Security

Analysing the software security practices of 130 organisations including Adobe, PayPal and Lenovo, Synopsys’s Building Security in Maturity Model (BSIMM) report has found a nearly 50% surge in activities to secure open source software components and integrate security into developer toolchains, indicating greater initiative to tackle software supply chain security over the last 12 months. […]

The post Synopsys Finds Significant Increase in Practices to Bolster Software Supply Chain Security appeared first on IT Security Guru.

Comment on Experts Reaction On White House Releases Post-SolarWinds Federal Software Security Requirements by James McQuiggan

The documents coming forthwith are guidance and not regulation. Unlike the FedRAMP compliance, where it’s mandatory, this supply chain security is written as guidance. It should be integrated with the FedRAMP compliance to ensure that all organisations providing software or software services to the government comply with the criteria in the soon-to-be-published guidance. Included in the guidance is a requirement of training. However, this training is not to develop secure software but to understand the guidance and how to implement it within the supporting organisation. If organisations can provide Secure Development Lifecycle (SDLC) training to their developers and integrate those concepts into their organisation’s culture, it will effectively improve the quality of the software. Having security top of mind and embedded into the culture for all users can reduce the risk of data breaches, leaks, and misconfigured software.