Software Integrity

Archive for the 'Security Standards and Compliance' Category

 

Software Is Everywhere – And So Are the Vulnerabilities

Software is no longer limited to traditional computing platforms such as our personal PC or a corporate server. Almost every device today runs some software – from firmware at the chip level in our toasters to a complex operating system found within our smart TVs. Furthermore, life-critical products, such as automobiles, medical devices, and industrial […]

Posted in Security Standards and Compliance

 

Software Testing Included in Final ISA / IEC 62443-4-1

A new standard covering the secure product development lifecycle has been ratified, officially making static code analysis, software composition analysis, and malformed input testing part of the requirements. Known officially as ISA-62443-4-1 Security for industrial automation and control systems Part 4-1: Secure product development life-cycle requirements, it is part of a larger certification program designed […]

Posted in Industrial Control System Security, Security Standards and Compliance

 

Security Development Lifecycle

The development of software is a progression. Standards such as ISO/IEC 12207 – “Systems and Software Engineering – Software Life Cycle Process” – define the series of steps necessary for the development and lifecycle management of an application or software. In particular, the software development lifecycle (SDLC) calls for specific phases: Acquisition, Supply, Development, Operation, Maintenance, […]

Posted in Security Standards and Compliance

 

CodenomiCON USA 2016

The sixth annual CodenomiCON USA 2016 attracted hundreds of security professionals for an evening of panel discussions and networking at the House of Blues in Mandalay Bay. The Master of Ceremonies for the night was Mike Ahmadi, Director of Critical Systems Security at Synopsys. He introduced each of the panels covering supply chain security, medical […]

Posted in Automotive Security, Internet of Things, Medical Device Security, Security Standards and Compliance

 

CodenomiCON 2016 Brings Elite Hackers Together in Las Vegas

Once again Synopsys will host an elite group of cybersecurity professionals during Black Hat for an evening of thought leadership, networking, and entertainment. For the past half dozen years, CodenomiCONs have been held the evening before the start of the Black Hat briefings during the Black Hat conference. This year’s 8th annual CodenomiCON will be […]

Posted in Automotive Security, Internet of Things, Medical Device Security, Security Standards and Compliance

 

VA to Adopt UL Cybersecurity Assurance Program

The U.S. Department of Veterans Affairs (VA) and UL (Underwriters Laboratories) have signed a Cooperative Research and Development Agreement Program (CRADA) for medical device cybersecurity standards and certification approaches. The CRADA project will support improvement of Veterans' patient safety and security through the use and verification of UL’s Cybersecurity Assurance Program (UL CAP), an independent third-party testing […]

Posted in Medical Device Security, Security Standards and Compliance

 

NIST Focuses Special Publication 800-160 on Infrastructure Cyber Security

With an eye toward use in automobiles, the electric grid, and emergency response teams, the National Institute for Science and Technology (NIST) proposes how organizations can incorporate time-tested security design principles and concepts into these systems from concept to completion in a new publication. Originally available in 2014, Special Publication 800-160: Systems Security Engineering: Considerations […]

Posted in Automotive Security, Internet of Things, Security Standards and Compliance

 

ISA 62443 SDLC Requirements Heads To IEC For Confirmation

A draft of ISA 62443-4-1 has been approved and now heads to IEC for final confirmation. Known officially as ISA-62443-4-1 Security for industrial automation and control systems Part 4-1: Secure product development life-cycle requirements, the document is part of a certification program which assesses a supplier’s product development lifecycle processes for industrial automation control systems. […]

Posted in Security Standards and Compliance