Global security software market up 3.7% in 2015

Worldwide security software revenue totaled $22.1 billion in 2015, a 3.7 percent increase from 2014, according to Gartner. SIEM remained the fastest-growing segment in 2015, with 15.8 percent growth, while consumer security software showed the sharpest decline at 5.9 percent year on year. In 2015, the top five vendors together accounted for 37.6 percent of the security software revenue market share, down 3.1 percentage points from 2014. These vendors also displayed a collective decline … More

How MDM software exposes your personal data

Bitglass tracked the personal mobile devices of several willing employee volunteers with mobile device management (MDM) software to understand how MDM could be misused and to assess the true extent of access employers have to personal data and user behavior. Researchers configured the MDM software to route mobile data traffic through a corporate proxy and installed corporate-issued certificates on employee devices to decrypt SSL traffic. This, a common configuration in enterprise MDM deployments for inspecting … More

Mozilla will fund code audits for open source software

The Mozilla Foundation has set up the Secure Open Source (SOS) Fund, whose aim is to help open source software projects rid their code of vulnerabilities. “The Fund is part of the Mozilla Open Source Support program (MOSS) and has been allocated $500,000 in initial funding, which will cover audits of some widely-used open source libraries and programs,” Chris Riley, Mozilla’s Head of Public Policy, explained. “But we hope this is only the beginning. … More

It takes 248 days for IT businesses to fix their software vulnerabilities

Compiled using data collected from tens of thousands of websites, a new WhiteHat Security report reveals that the majority of web applications exhibit, on average, two or more serious vulnerabilities per application for every industry at any given point in time. The report’s findings are based on the aggregated vulnerability scanning and remediation data from web applications that use the WhiteHat Sentinel service for application security testing. The research shows that no industry has mastered … More

Improving software security through a data-driven security model

The current software security models, policies, mechanisms, and means of assurance are a relic of the times when software began being developed, and have not evolved along with it, says Google researcher Úlfar Erlingsson. Practical security of computer users has, therefore, worsened, even as a plethora of computer security mechanisms have been introduced time and time again. Erlingsson proposes a new data-driven software security model to improve user and system security. “When deciding whether software … More

Free badge program helps determine the security of open source software

The Core Infrastructure Initiative (CII), a project managed by The Linux Foundation that aims to improve the security of critical open source projects, issued its first round of CII Best Practices Badges. Early badge earners include Curl, GitLab, the Linux kernel, OpenBlox, OpenSSL, Node.js and Zephyr. This is a free program that seeks to determine security, quality and stability of open source software. The CII Best Practices online app enables developers to quickly determine whether … More

Bangladesh Bank hackers compromised SWIFT software with bespoke malware

Bit by bit, indications about how the attackers who targeted Bangladesh’s central bank managed to take off with some $80 million (of the nearly $1 billion they aimed for) via fraudulent transfers are coming to light. First it was established that second-hand, cheap networking equipment that collects next to no network data, and the lack of a firewall between the bank’s SWIFT facility and the rest of the network, helped the attackers pull off the … More

Over 3 million servers running outdated JBoss software open to attack

Spurred by the recent discovery that the Samas (aka SamSam) ransomware is being spread via compromised servers running out-of-date versions of Red Hat’s JBoss server software, Cisco Talos researchers have begun scanning the Internet for machines that might be at risk. They found approximately 3.2 million vulnerable machines, but also a considerable number of those that are already compromised: 2,100 backdoors have already been installed across nearly 1600 IP addresses. Another way into the … More

Software tools and services used to achieve ISO 27001

With high profile breaches becoming almost a daily occurrence in the media, many organizations are now turning to the ISO 27001 information security standard to help them stay out of the press and prove to their customers that they take security seriously. Even with a strong management commitment, adoption can be difficult and time-consuming unless smart choices are made. Many organizations are unsure of what’s available to help them implement and get certified in quick … More

The state of the cloud and the Software-Defined Data Center

We’ve long been moving toward cloud-based and virtualized infrastructures, but in some ways 2016 might just be the year in which the Software-Defined Data Center (SDDC) really becomes a fixture in corporate America, according to HyTrust. There’s belief that optimal SDDC strategies and deployment can drive up virtualization ratios and server optimization. All this because even though data breaches will surely happen, concerns over security and compliance will be far less an obstacle. SDDC: Positive … More