Software Integrity

Archive for April 2016

 

ISA 62443 SDLC Requirements Heads To IEC For Confirmation

A draft of ISA 62443-4-1 has been approved and now heads to IEC for final confirmation. Known officially as ISA-62443-4-1 Security for industrial automation and control systems Part 4-1: Secure product development life-cycle requirements, the document is part of a certification program which assesses a supplier’s product development lifecycle processes for industrial automation control systems. […]

Posted in Security Standards and Compliance

 

Synopsys Discovers CVE-2015-5370 in Samba’s DCE/RPC Protocol Implementation

With yesterday’s full release of details about the much-discussed Badlock bug, one of the CVEs identified as related is attributed to Synopsys. CVE-2015-5370 includes within its credits a call out for Jouni Knuutinen from Synopsys for “discovering and reporting this security bug using the Defensics product.” Defensics works by automating the creation of malformed […]

Posted in Seeker

 

Naming Vulnerabilities

The Badlock Bug announcement raises a few really interesting issues. The first and most important issue that we shouldn’t lose sight of is that software vulnerabilities, especially ones that affect widely used open source components like Samba, pose a very real threat. Finding these bugs by integrating security testing into the development process and throughout […]

Posted in Seeker

 

Synopsys and UL Announce UL Cybersecurity Assurance Program

On Tuesday, Synopsys and Underwriter’s Laboratory (UL) announced they have collaborated to elevate transparency and confidence in the security of network-connectable devices through the creation of the UL Cybersecurity Assurance Program (UL CAP). The new certification enables device manufacturers to demonstrate diligence and provide security assurance to downstream customers and end users. The UL CAP […]

Posted in Seeker