fortify

Hackers see the cloud as ripe territory

Is the cloud a hacker's paradise? A survey at last month's Defcon hacking conference paints that picture.

Sponsored by security vendor Fortify Software, the survey asked 100 hackers who attended Defcon about security in the cloud. A sizable 96 percent said they believe the cloud opens up more hacking opportunities, while 89 percent said cloud vendors aren't doing enough to address cybersecurity issues.

Among the hackers surveyed, 45 percent said they had already tried to exploit vulnerabilities in the cloud. Although only 12 percent admitted to hacking into cloud systems for the money, that's still a …

HP to buy security firm Fortify

Mark Hurd may be gone, but Hewlett-Packard isn't standing still. The company said Tuesday that it will acquire Fortify Software, a security and compliance company.

Terms of the deal were not disclosed in the companies' joint statement. Over the past year, HP has been on a bit of a buying spree with the acquisitions of 3Com and Palm.

Compared with those deals, the acquisition of Fortify is more of the tuck-in variety. Fortify's software allows developers to layer in security and compliance protections throughout the application creation cycle. Fortify is best known for its 360 security suite.

Read …

Security Bites 118: Voting in America

Voting--it's the cornerstone of our democracy. But in recent years, both the systems we use and the trust we have in the accuracy of our votes have been challenged.

A new report (PDF) looks at all the systems currently in use--from paper ballots to Direct-Recording Electronic machines--and the issues that surround them. Researchers at Fortify analyzed threats against three phases of an election (voter registration, casting votes, and tabulating votes), highlighting specific ways voting systems have been compromised, summarizing the strengths and weaknesses of current voting techniques, and then providing guidance for voters to ensure their votes are handled …

Security Bites 111: Iron Chef returns to Black Hat

Iron Chef returns to Black Hat. No, it's not the Food Network import from Japan broadcasting live, but the Fortify edition featuring lead security researchers as they struggle against the clock to find vulnerabilities. This year, the secret ingredient is open-source code.

Brian Chess, chief scientist at Fortify Software, and Jacob West, who manages Fortify Software's Security Research Group, tell CNET's Robert Vamosi that one team will use static analysis while the other will use fuzzing. Chess confirmed that Charlie Miller and Jacob Honoroff will be on the fuzzing team, and Sean Fay and Geoff Morrison from Fortify …

Security Bites 109: Open-source security

For years, one of the arguments for using open-source software instead of proprietary software held that open source was more secure. After all, having thousands of eyes looking at the code can't but help find and mitigate potentially dangerous bugs. A new report from Fortify challenges that assertion.

Open-source software can be found in over half of the enterprises today. And open source code can be found within the Mac OS 10 operating system. But how are open source vulnerabilities and, more importantly, their patches handled?

This week a report from Fortify found that, while vulnerabilities exist and are …

The good (and bad) news about electronic voting

Following the February 5 presidential primary, several county clerks in New Jersey asked an independent researcher to study the vote results on the state's electronic voting machines. The vendor, Sequoia, has threatened legal action, but so far hasn't taken any. Initial results suggest that there were some inconsistencies in vote tallies, although none were enough to reverse the election results themselves.

Since last year, several states have requested audits of electronic voting systems. In California, the audits resulted in some systems being scrapped for the 2008 presidential primaries. As we turn our attention to the fall 2008 presidential …

Security Bites 98: The good (and bad) news about electronic voting

This week, Robert Vamosi talks with Fortify CSO Brian Chess about electronic voting. A correction was made to this story. Read below for details.

Following the February 5 presidential primary, several county clerks in New Jersey asked an independent researcher to study the vote results on the state's electronic voting machines. The vendor, Sequoia, has threatened legal action, but so far hasn't taken any. Initial results suggest that there were some inconsistencies in vote tallies, although none were enough to reverse the election results themselves.

Since last year, several states have requested audits …