
Getting a spacecraft all the way to Mars — a trip of about 300 million miles — and landing a rover vehicle on the equivalent of a postage stamp target obviously requires sophisticated technology and a team effort.

Because, as is also obvious, it’s unbelievably risky and complex. But the team at NASA’s Jet Propulsion Laboratory (JPL) in Pasadena, California got it done. Americans saw images beamed back to Earth from Perseverance on Feb. 18, just hours after it landed safely in Jezero Crater, which scientists believe was a river delta and lake 3.5 billion to 3.9 billion years ago…



By now, just about everybody has seen or heard at least the headline version of the story: A hacker tried to poison the drinking water supply of a small Florida town near Tampa earlier this month.

But as was also reported, the attack was detected and blocked long before there was any damage. A supervisor monitoring the Oldsmar (population 15,000) water plant systems saw a mouse pointer move across a screen and “immediately noticed the change in dosing amounts,” which could eventually have boosted the amount of sodium hydroxide (lye) in drinking water by 100 times. That caustic chemical, at…



Another year, another flurry of reports on the precarious security of connected medical devices.

Which should prompt another reminder that while those security risks are real, should be taken seriously, and need to be addressed more aggressively, there is general agreement among experts that the benefits of those devices still outweigh the risks, by a lot. Indeed, there are potentially deadly risks in many areas of life — driving a car, flying in a plane, climbing a mountain and more.

But as we all know there are numerous things that have been done to make those activities much safer. And…



Nothing good goes uncorrupted. Or unexploited.

Which is a depressing but important reality in just about any area of life, but especially in cybersecurity. Unfortunately it applies to collaboration — in general a very good thing. People who collaborate are usually able to create or do something better together than any one of them could have done on their own.

In cybersecurity, collaboration means software vulnerabilities frequently get discovered more quickly and therefore get patched before hackers can exploit them. A two-decades-old slogan declares that “given enough eyeballs, all bugs are shallow.” It’s a bit like crowd-sourcing security.

But that…



Keep your software up to date!

As any cybersecurity expert will tell you, that’s more than just a casual reminder. It’s an urgent exhortation, frequently delivered with a true-life scare story.

If you don’t install available patches and updates to fix known vulnerabilities in your software, you could become the next Equifax, the credit reporting giant breached in 2017 because it failed to install a patch in the web application framework Apache Struts — a patch that had been available for months. The breach compromised Social Security numbers and other personal data of 147 million customers.

So with that and…



Believe it or not, the two parties in Congress and the President have agreed on something both significant and substantive since Election Day: Not just that the Internet of Things (IoT) needs better security, but on how to do it — or at least try.

Both houses of Congress passed — unanimously! — and President Trump signed the “Internet of Things Cybersecurity Improvement Act of 2020,” an effort that began more than three years ago.

There is no question about the need — it’s blindingly obvious. You could count the reasons. Actually, you couldn’t count them, at least not without…



It has been said before, but it needs to be said again — and again: Software can make or break your business.

If it’s high-quality, with security “built in” throughout the software development life cycle (SDLC), it can streamline your operations, protect your assets, and help you create and deliver products and services that can make you prosperous.

If it is written poorly, with little attention paid to security, software can make you an easy target for online attackers who can exploit its vulnerabilities to steal your intellectual property, your money, and your customers’ personal and financial information. …



It’s become a cliché because it’s true: If you’re in business, you’re a software company. But these days that cliché has become a bit more specific: You’re an open source software (OSS) company.

Because virtually all software products built and in use today include open source — the kind that’s free and available for anyone to use, modify, or share as they please, although it usually comes with some licensing restrictions or obligations.

Which is why, if you’re in business, you should check out a report released last week by the Synopsys Cybersecurity Research Center (CyRC) on how organizations around…



If you’re in business, the cloud is the place to be. It has been for some time — it was more than two years ago that Druva, a cloud data management and security company, reported that of 170 companies it surveyed, an overwhelming majority — 90% — said moving virtualized workloads to the cloud was either a reality or a near-term goal.

That’s both good and bad.

It’s good for reasons that are by now well-established. Cloud environments are generally scalable, reliable, and highly available. They make it easier to forecast ROI, and implementation costs are minimal. The cloud offers…



Cyber criminals are updating the classic Willie Sutton maxim that the reason he robbed banks was because “that’s where the money is.”

Yes, there’s still plenty of money in banks. But many billions of dollars — Deloitte estimates $182 billion to $196 billion — will be transacted online during the holiday season that is now upon us. That would be a 25% to 35% increase in holiday e-commerce since last year. And it could exceed that estimate, given the resurgence of a worldwide pandemic and constant exhortations to avoid congregating anywhere, which would include places like retail stores.

So, no…

Taylor Armerding

I’m a security advocate at the Synopsys Software Integrity Group. I write mainly about software security, data security and privacy.
