Big Data and NoSQL: Analyzing Complex Application Portfolios

There is more data to manage today than ever before, and this is creating an increasingly pounding headache for business executives that no dose of aspirin will soon relieve. With so many different forms of data and ways of storing that information within the organization, new data management methodologies are needed to make sense of this mind-numbing flood also known as Big Data.
Enter NoSQL. Differing from its much older and experienced brother – SQL – NoSQL has come onto the scene as the “new” and “hip” database paradigm (much like we talk about the Millennial generation). Also known as “Not Only SQL”, NoSQL is a flexible approach to data management and design that is useful for very large sets of distributed, unstructured data.

Recap: Software Risk Summit 2016

Panel Discussion at the 2016 Software Risk Summit
Software risk has historically been overlooked as a security concern by business leaders, and companies have paid a high price as a result. Remember the JPMorgan hack of 2014? That cost the bank more than $6 billion. RBS has paid £231 million for their IT failures as of two years ago. The Target breach? The retailer posted a write down of $152 million. Or, more recently, Jeep controls being taken over by hackers, and a similar incident with Toyota-Lexus having to fix a software bug that disabled cars’ GPS and climate control systems? That costs the manufacturers valuable consumer confidence points and can seriously damage sales.
So I was thrilled to know that the topic for the first annual Software Risk Summit in New York was indeed just that, software risk. I had the pleasure of moderating the panel discussion with esteemed guests from BNY Mellon, the Software Engineering Institute at Carnegie Mellon, the Boston Consulting Group and CAST. But beforehand, I was able to sit-in on the keynote by Rana Foroohar.

Application Security in the Internet of Things

High-capacity network bandwidth has become more widely available, and we have quickly tapped into every last inch of its capacity. More devices are built with wi-fi capabilities, the costs of mobile devices are going down and smartphones are in the hands of more people than ever before. In fact, Apple might have already exhausted the market and is seeing drastically lower sales forecasts for the iPhone.
We are moving into an era in which virtually any device will connect to the Internet. Phones, fitness trackers, dishwashers, televisions, espresso machines, home security systems, cars. The list goes on. Analyst firm Gartner estimates that over 20 billion connectable devices will exist worldwide by 2020. Welcome to IoT—the Internet of Things. A giant network of connectable things.

Was Lack of Proper Code Analysis Tools a Root Cause of Juniper Networks Security Backdoors?

With the advancements of both cloud and mobile technologies, security remains a hot topic for every company. The number of reported instances of security backdoors due to faulty code or hardware continues to stagger. A recent article by Wired has brought forth another one of these unfortunate issues for a big player: Juniper. This technology giant has been providing networking and firewall solutions to companies, corporations, and the government for a number of years.
As a leader in networking technology, the last thing you want to hear is that a tech powerhouse like Juniper has found an application security problem. Two security issues were identified after a code review session outside of the company’s normal evaluation cycle. Security continues to remain a primary concern as more companies, government agencies, and even individuals rely on technology providers to manage data or maintain smooth operations.

Blackphone Update Removes Critical Security Threat: Did Code Quality Issues Contribute to the Problem?

As reported in a recent article by InfoWorld, a high profile privacy driven smartphone provider located a security hole capable of exposing their devices to attacks. Blackphone is a specially designed smartphone developed by SGP Technologies, who operates as a subsidiary of Silent Circle. The phone uses VPN for Internet access and runs on a modified Android version titled “SilentOS”. A third-party component Silent Circle used as part of the device design was capable of exposing the secure smartphone to outside attacks.
What Was the Security Issue?
The vulnerability made it possible for an attacker to control the modem functions of the phone. Researchers brought this problem forth when they identified an open socket accessible on the phone during a reverse engineering exercise. Currently, Blackphone is one of the most secure phones on the market because it uses built-in encryption to deliver secure:

Voice Calling
Text Messaging
Video Conferencing
File Transfers

IT Leaders Address the Value of Software Measurement & Government Mandates Impacting Development

IT leaders from throughout the federal government discussed the value of how software measurement can positively impact their development process at CAST’s recent Cyber Risk Measurement Workshop in Arlington, VA – just outside of the Washington, D.C. area. The event brought together more than 40 IT leaders from several governmental agencies, including the Department of Defense and Department of State, system integrators and other related organizations. The group shared their experiences in how their respective organizations are driving value to end users and taxpayers.
Measuring and managing software quality is not just about compliance with government mandates, but rather around the proposition that strong software quality, security and sustainability are paramount. However, compliance remains essential. Three primary points around software compliance voiced by attendees were:

Government mandates point to the fact that software must have a measurement component
Industry standards, such as the Consortium for IT Software Quality (CISQ) and The Object Management Group (OMG) are available and should be leveraged
Technology solutions exist to help public sector firms address these mandates

Software Risk: A Tale of Technology Woes and Failures

In 2014, the IT infrastructure at the Federal government’s Office of Personnel Management (OPM) was upgraded from a security rating of “material weakness” to one of “significant deficiency,” according to The Wall Street Journal’s CIO Report. Which means that the OPM, even after upgrading to mitigate software risk, wasn’t up to snuff. That is – to put simply – unacceptable. It is also both a dismal and infuriating fact to learn – especially for those who were among the 21 million present and past Federal employees, revealed last week, to have had their Social Security numbers and other personal information stolen in the recent data breach.