Security Wire Weekly


February 18, 2009  6:07 PM

Chris Wysopal on secure coding



Posted by: Jessica Scarpati
Security Wire Weekly

Secure coding expert Chris Wysopal talks about dynamic and static testing and the state of secure software development tools. Wysopal also explains why he’s a big proponent of the SANS/CWE Top 25 Dangerous Programming Errors List.

February 16, 2009  3:24 PM

Why top lists don’t work



Posted by: Jessica Scarpati
Security Newsmakers

Gary McGraw of Cigital explains why the CWE/SANS Top 25 dangerous programming errors list will fail to have a major effect on secure software development.


February 11, 2009  5:12 PM

Top cybersecurity priorities for the Obama administration



Posted by: Jessica Scarpati
Security Wire Weekly

Core Security’s Tom Kellermann, who served on the Commission for Cybersecurity for the 44th Presidency, talks about President Obama’s cybersecurity priorities. Also, Gary McGraw of Cigital explains why the CWE/SANS Top 25 list won’t do much to aid secure software development.


February 6, 2009  11:34 AM

Threat Monitor: Are Windows Vista security features up to par?



Posted by: Jessica Scarpati
Threat Monitor

Expert Michael Cobb explains why attempts to bypass Windows Vista memory protections don’t necessarily mean that the operating system lacks security.


February 4, 2009  4:03 PM

Data breach cost analysis



Posted by: Jessica Scarpati
Security Wire Weekly

Larry Ponemon of the Ponemon Institute explains his firm’s Cost of Data Breach study. While costs are increasing, companies are struggling to avoid a second breach. Also, Henry Helgeson, CEO of payment processor Merchant Warehouse, talks about PCI and encryption in the wake of the Heartland breach.

Program links:

Data breach costs rise as firms brace for next loss: Companies are struggling to prevent data breaches, according to a new survey that found most firms are dealing with multiple breaches.

First lawsuit filed in Heartland data security breach: A class action lawsuit was filed against Heartland claiming that the payment processor issued belated and inaccurate statements when it announced a security breach of its systems.


January 28, 2009  3:17 PM

Microsoft Conficker dangers ahead



Posted by: Jessica Scarpati
Security Wire Weekly

Thomas Cross, X-Force security researcher for IBM ISS, discusses the possible dangers posed by the Conficker/Downadup worm. Researchers are waiting for the payload.

Program links:

Microsoft Conficker worm hits peak, but payload awaits: Security researchers are fascinated by the spreading Conficker/Downadup worm, but are unsure what kind of damage it will do to corporate networks.

Microsoft RPC worm spreads in corporate networks: A worm exploiting the Microsoft RPC vulnerability is wreaking havoc on some corporate networks, according to researchers at security vendor F-Secure.


January 21, 2009  2:51 PM

Heartland data security breach



Posted by: Jessica Scarpati
Security Wire Weekly

Gartner analyst Avivah Litan talks about the massive Heartland data security breach. Also, a discussion with Ernst & Young’s Sagi Leizerov on data privacy in the retail industry.

Program links:

Payments processor discloses massive data breach: Company says an intrusion of its processing system may be part of a broader fraud operation.

Study ties fraud losses to Hannaford, TJX breaches: Experts say breach costs are far reaching and could lead banks and merchants to find alternative payment methods.


January 19, 2009  3:44 PM

Are vulnerability lists helpful?



Posted by: Jessica Scarpati
Security Squad

In this edition of Security Squad, the editorial team debates the usefulness of the CWE/SANS Top 25 List and the state of virtualization security, and discusses the top cybersecurity news stories of 2008.

Program links:

Security experts identify 25 dangerous coding errors

PCI needs to address virtualization, experts say


January 14, 2009  5:31 PM

Top 25 dangerous coding errors



Posted by: Jessica Scarpati
Security Wire Weekly

Security experts explain the new Top 25 Errors list. Includes Bob Martin of MITRE Corp.; Paul Kurtz, a principal author of the U.S. National Strategy to Secure Cyberspace; and application security testers Jacob West of Fortify Software and Chris Wysopal of Veracode.


January 8, 2009  11:30 AM

Threat Monitor: Future security threats: Enterprise attacks of 2009



Posted by: Jessica Scarpati
Threat Monitor

Will organizations be ready for next year’s enterprise security threats? Expert John Strand reviews what’s in store for 2009, including new weapons, old vulnerabilities, and new takes on old attack techniques.

