The Debian administration team and security experts are finally able to pinpoint the method used to break-in into four project machines. However, the person who did this has not yet been uncovered.. . .
I would like to announce the availability of a new and free resource to the software security community, the SC-L email discussion forum. The moderated forum is open to the public. The group's purpose is, "to further the state of the practice of developing secure software, by providing a free and open, objectively moderated, forum for the discussion of issues related to secure coding practices throughout a software development lifecycle process (including architecture, requirements and specifications, design, implementation, deployment, and operations).". . .
A proposal to create an association to represent the interests of hackers and vulnerability researchers is gaining support, a security expert said Wednesday. The group, which would be geared toward researchers and not software vendors, would provide guidelines on vulnerability disclosures . . .
The Secure Trusted Operating System Consortium (STOS) announced Friday the keynote speakers for its fifth annual symposium to be held December 1-5, 2003 at George Washington University in Washington, DC. Anyone involved in securing Mac OS X or BSD systems or . . .
The Trusted Computing Group passed a milestone in its efforts to improve computer security this week, announcing a key update of its specification. The update comes as the TCG adds Sun Microsystems Inc. to its membership and forms a new working . . .
Companies will have to change the way they sell security products, analysts have advised. The security-selling problem stems from IT staff and management executives holding different views on what constitutes a return on investment (ROI).. . .
If your company lacks the basics--antivirus software, firewalls and other basics--then your organization is in serious trouble. The only way you can survive in this situation is if you are not connected to the outside world at all. If you are in this unfortunate situation and can't convince your senior management of the extreme danger of this position, then I'd suggest you polish your resume, hone your skills and start packing.. . .
The best place to start is with what "The State of Information Security 2003" survey doesn't include. It doesn't include some stark bit of data that will make you slap your forehead and exclaim, "Oh, that's the problem!" It doesn't include figures that suggest a secret formula for setting a security budget.. . .
Where does the security buck stop? All of the certifications and training in the world won't make any difference to the security of corporate networks if senior managers and top executives don't understand the problems and requirements faced by security professionals, a consultant and former CIO said in a Wednesday keynote speech here at the Security Decisions 2003 conference.. . .
Evans Data Corporation's Fall 2003 North American Development Survey has found that Linux has increased its lead in developers' minds as the "most innately secure operating system" from 19% six months ago to 23% today. . . .
What legal regimes or market initiatives would best prevent the unauthorized disclosure of private information while also promoting business innovation? As individuals do more - shopping, talking, working - on-line, they leave private information behind in databases stored on Internet-connected . . .
Are network intrusion detection systems (NIDS) still relevant? With the emphasis shifting to network intrusion protection in the last two years, this technology looks like it is on its last legs. But is it? Related to intrusion detection and protection . . .
As CEOs turn to security professionals to protect the enterprise, it's about time some security professionals became top executives themselves. Security is finally becoming a primary IT job function. But does it mean that security professionals will be granted their own role in executive management?. . .
Von Spangler submits Currently the Info-Sec Writers Guild - a non-profit organization (www.infosecwriters.com) - has security/hacking books and training kits that they're giving away as prizes for the "Best Security Papers" of the month contest. Basically anyone who submits . . .
The ability to enhance security in information systems and networks is limited by the operating systems that underpin them. Recognizing this, the Institute of Electrical and Electronics Engineers (IEEE) has begun work on a standard to formulate consistent baseline security requirements for general-purpose (GP), commercial, off-the-shelf (COTS) operating systems.. . .
The Computer Emergency Response Team (CERT) Coordination Center, a security-incident clearinghouse, introduced on Monday a program to certify information technology professionals in incident handling and response.. . .
Matthew G. Marsh submitsThe Fifth Annual CERT Conference on Computer Security and Information Assurance will be held August 5-7, 2003. The online registration site is now open. Early bird registration closes July 10th. . .
This conference is designed by and for those responsible for Information Assurance programs in the public sector. The three-day agenda includes sessions on planning, managing, and funding IA initiatives throughout government enterprises. September 15 - 17, 2003 . . .
If not center stage, Linux and Open Source software certainly occupy a credible place within the upcoming CeBIT America 2003 conference and exhibition taking place at New York City's Jacob K. Javits Convention Center, reflecting the growing acceptance and use of . . .
In the quest for an ironclad information-security program, organizations typically take a textbook approach: First, a business-impact analysis and asset-assessment study identify critical data needing protection and the servers where that data resides. Then, security policies are developed from these studies, your business plan and organizational goals.. . .
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
