Developers tracking the latest product vulnerabilities now have a central location
to check—the National Vulnerability Database.
The Sammons Financial Group wanted a handle on the information on its network to satisfy compliance, security and privacy requirements.
Iron Mountain, which provides records management and data protection services, is advising its off-site data protection customers to encrypt their backup tapes.
Symantec released yesterday its Internet Security Threat Report, for the first 6 months of the year, in which the company says Internet attackers are more frequently targeting desktops rather than enterprise perimeters.
Although it claims it is not a security vulnerability, Microsoft has released another of its frequent security advisories, this time to alert users to a flaw in Windows Firewall that would prevent IT administrators from seeing open ports on XP and Server 2003 servers.
Most businesses have tackled viruses, hammering best practices into their users and implementing anti-virus software. However, these same enterprises and their users still don’t realize spyware’s potential damage, according to a session at a recent SHARE user conference in Boston.
Cloakware has expanded language support for its Cloakware Security Suite to include C, C++ and Java, extending the range of code that can be protected from reverse engineering when the software is stored on a disk, and against tampering when the software is stored on disk or running in memory.
Sales associates at Gordmans, an apparel and home fashions retailer, found they were spending more time waiting for inventory data than they were spending on customers.
A service-oriented architecture (SOA) takes the discrete business functions in enterprise applications and organizes them into interoperable services—which is one of the most effective ways to share and consume information with partners. But managing and exposing these services creates some big security risks; keeping the bad guys from connecting to those services is tricky.
Arbor Networks is introducing an anomaly detection and internal intrusion prevention system that traces inappropriate behavior back to users—down to their names.
“Viruses are bad and worms are worse, but these broad types of attacks just aren't having the same negative financial impact on the enterprise as the growing number of targeted attacks against the application layer," says John Pescatore, an analyst at Gartner.
Application security must be the top priority for developers and business throughout the product development lifecycle. That was the gist of Symantec’s recent Webcast, “Securing the Development Phase of the Application Development Lifecycle.”
Much discussion about IT security centers around the idea that developers should build secure applications. It makes sense; more than ever, attackers are targeting vulnerabilities in the application layer. But in an increasingly service-oriented world, in which monolithic applications are being broken down into smaller pieces for reuse, is it practical to expect developers to code security into individual Web services?
With internal auditors breathing down their necks over compliance and security issues, many large companies are eager for help organizing IT operations infrastructure. That helps explain the mushrooming popularity of the Information Technology Infrastructure Library.
Hardware-based two-factor authentication has been around for about two decades, but interest in sign-on solutions that require something you know (your password) and something you have (a hardware token) has recently gotten some serious gotten mass-market attention.
Exploited software flaws cost the U.S. financial services industry more than $3 billion per year, according to the National Institute of Standards & Technology.
Data security is a matter of good architecture, and XML doesn’t
do anything to aggravate security problems.
The World Wide Web Consortium recently approved XML Key Management System 2.0, adding public key management to the W3C XML Security Framework.
Trend Micro is delivering an upgraded version of its InterScan Web Security Suite that the company says will stave off viruses and other Internet threats that continually target enterprises.
The good thing about Web services is that they expose interfaces, streamline connections
and accelerate business processes. The bad thing about Web services is that they
expose interfaces, streamline connections and accelerate business processes.