Secure coding expert Chris Wysopal talks about dynamic and static testing and the state of secure software development tools. Wysopal also explains why he’s a big proponent of the SANS/CWE Top 25 Dangerous Programming Errors List.
Gary McGraw of Cigital explains why the CWE/SANS Top 25 dangerous programming errors list will fail to have a major effect on secure software development.
Core Security’s Tom Kellermann, who served on the Commission for Cybersecurity for the 44th Presidency, talks about President Obama’s cybersecurity priorities. Also, Gary McGraw of Cigital explains why the CWE/SANS Top 25 list won’t do much to aid secure software development.
Expert Michael Cobb explains why attempts to bypass Windows Vista memory protections don’t necessarily mean that the operating system lacks security.
Larry Ponemon of the Ponemon Institute explains his firm’s Cost of Data Breach study. While costs are increasing, companies are struggling to avoid a second breach. Also, Henry Helgeson, CEO of payment processor Merchant Warehouse, talks about PCI and encryption in the wake of the Heartland breach.
Data breach costs rise as firms brace for next loss: Companies are struggling to prevent data breaches, according to a new survey that found most firms are dealing with multiple breaches.
First lawsuit filed in Heartland data security breach: A class action lawsuit was filed against Heartland claiming that the payment processor issued belated and inaccurate statements when it announced a security breach of its systems.
Thomas Cross, X-Force security researcher for IBM ISS, discusses the possible dangers posed by the Conficker/Downadup worm. Researchers are waiting for the payload.
Microsoft Conficker worm hits peak, but payload awaits: Security researchers are fascinated by the spreading Conficker/Downadup worm, but are unsure what kind of damage it will do to corporate networks.
Microsoft RPC worm spreads in corporate networks: A worm exploiting the Microsoft RPC vulnerability is wreaking havoc on some corporate networks, according to researchers at security vendor F-Secure.
Gartner analyst Avivah Litan talks about the massive Heartland data security breach. Also, a discussion with Ernst & Young’s Sagi Leizerov on data privacy in the retail industry.
Payments processor discloses massive data breach: Company says an intrusion of its processing system may be part of a broader fraud operation.
Study ties fraud losses to Hannaford, TJX breaches: Experts say breach costs are far reaching and could lead banks and merchants to find alternative payment methods.
In this edition of Security Squad, the editorial team debates the usefulness of the CWE/SANS Top 25 List and the state of virtualization security, and discusses the top cybersecurity news stories of 2008.
Security experts explain the new Top 25 Errors list. Includes Bob Martin of MITRE Corp., Paul Kurtz, a principal author of the U.S. National Strategy to Secure Cyberspace and application security testers Jacob West of Fortify Software and Chris Wysopal of Veracode.
Will organizations be ready for next year’s enterprise security threats? Expert John Strand reviews what’s in store for 2009, including new weapons, old vulnerabilities, and new takes on old attack techniques.