We hope that today’s “READERS FORUM” will provoke honest and open dialogue concerning issues that we, as responsible citizens of this community, need to address in a rational and responsible way.

WHAT’S ON YOUR MIND TODAY?

Today’s “Readers Poll” question is: Are you disappointed that not one City Council member made a request to the City Controller to give them a detailed financial accounting of the Evansville Thunderbolts?

Please go to our link of our media partner Channel 44 News located in the upper right-hand corner of the City-County Observer so you can get the up-to-date news, weather, and sports. We are pleased to provide obituaries from several area funeral homes at no cost. Over the next several weeks we shall be adding additional obituaries from other local funeral homes. Please scroll down the paper and you shall see a listing of them.

If you would like to advertise on the CCO please contact us at City-County [email protected].

Any comments posted in this column do not represent the views or opinions of the City-County Observer or our advertisers.


Developers will never be responsible for all of security in an organization, but if they keep up with best practices and resources and find new ways to secure and deliver good code, they could play a key role in developing resilient software.

Today, most firms have a software security group (or SSG) or a product security group, and they are the team that is responsible for making software security happen. However, they work alongside developers to make sure they too are aware of security best practices, like how to write secure code and do threat modeling.

What this means is that developers are partially responsible for software security, and they should be, said Gary McGraw, vice president of security technology at Synopsys Software Integrity Group. Developers are not responsible for “the whole kahuna,” as he puts it.

“A lot of people want to blame development for all security issues, but it’s not the developers’ fault that no one ever taught them about security in their career, yet,” said McGraw. “We need to all work together to address that problem.”

Free security resources for developers

In order to “work together,” as McGraw puts it, developers need to create software that is threat resilient and bug free. There are plenty of blogs and tools designed to help developers do this. SD Times’ cybersecurity sources suggest developers check out these free resources to get started with security best practices:

Stack Overflow: Most developers know how valuable Stack Overflow is when it comes to getting quick answers. Use this site to keep tabs on Stack Overflow’s engineering team, listen to podcasts, and read stories from talented speakers.

HYPR: HYPR is a biometric security company, and a broader, more community-centered iteration of its blog is coming soon. The company plans on having more content about software development best practices that are not necessarily HYPR product-focused, but developers can enjoy reading and sharing best practices they find on the blog.

O’Reilly Security: O’Reilly organizes several conferences a year on things like software architecture, DevOps, and you guessed it: security. While the conference itself isn’t free, O’Reilly puts out free reports and resources for developers, like their Docker Security report and Big Data security report.

Snyk: Snyk tests to see if your JavaScript and Ruby GitHub repositories are vulnerable, and fixes them with a pull request, for free. Currently, Snyk tracks over 390 npm and 320 RubyGem vulnerabilities. Other resources on their site include technical blog posts. Developers can quickly get started on GitHub.

Security StackExchange: According to CEO of biometric security company HYPR, George Avetisov, this is a great community where developers can collaborate and learn from other security experts.

Wireshark: Network analysis tools are invaluable for double-checking TCP packets for mistakes, said Avetisov. Wireshark is a network protocol analyzer for Unix and Linux.

Schneier on Security: Bruce Schneier, a “security guru,” is the author of 13 books, and his Crypto-Gram newsletter and blog are read by over 250,000 people. He’s even testified before Congress, so it’s safe to say developers can learn a thing or two about software from him.

KrebsOnSecurity: Brian Krebs, a reporter known for his stories in The Washington Post, became intensely interested in computer security after his whole home network was overrun by a Chinese hacking group. Check out his many blog posts and reports on security.

reddit.com/r/netsec: This subreddit is a community for technical news and discussions on information security and related topics. “Trusted by CIA analysts everywhere!”

OWASP: An open source project which is “the de-facto standard for whomever wants to include security in web application development,” said Dario Forte, CEO of DF Labs.

BSIMM: Available under the Creative Commons, this free material addresses software security trends, looks at the value of software security, and looks at the industry changes surrounding security practices. Think of the BSIMM as a measuring stick for software security teams or security groups, said Synopsys’ McGraw.

Troy Hunt: Troy Hunt writes a detailed security blog, he creates courses for Pluralsight, and he is a Microsoft Regional Director. He knows how to create and secure applications for the web with the security community. Also, he was partially responsible for shedding light on the recent CloudPets data breach.

Ars Technica: Amit Ashbel, cybersecurity evangelist from Checkmarx, suggests developers keep tabs on the security reports from Ars Technica.

MakeAWebsiteHub.com: MakeAWebsiteHub.com has a few great resources for developers looking to create secure websites. For instance, the site includes cheat sheets on HTML5, CSS, jQuery, and more.

WebsiteSetup: This free guide created by web developer Robert Mening lets anyone make their own websites without having to learn how to code.

Besides these free resources, McGraw said there are three things developers need to consider when it comes to security. First, they need to do code review and utilize the available code review tools for security. He said if developers are writing code, they should have it reviewed automatically with a tool.

The second tip he suggests is to get a handle on the software architecture from a security perspective. There are two kinds of defects that lead to security problems: bugs in the code and flaws in the design. The way developers can review their software architecture is by analyzing architecture risk or by doing an analysis and threat modeling. All developers should try to do this, especially software architects, said McGraw.

The last thing he suggests is penetration testing, but this is number three on the list and not number one, said McGraw. Developers can hire a firm or they can use automated tools that are sort of like penetration tests. The idea is to intentionally attack your own code to see if it will break, he said.

Cloudflare’s CTO John Graham-Cumming said that developers should also pay attention to the code that they use. Most developers use other people’s code as part of whatever they are building, he said, and this is a common way he sees websites and apps being hacked. He said that roughly 80% of web applications have some piece of code out of date, and this is something that developers should really be wary of.

In addition to these tools and practices, developers can also consider the benefits of open source, said Graham-Cumming. Cloudflare utilizes open source, and he said the nice thing about it is developers can be aware of the problems and even fix them themselves.

Other considerations for developers come from Dimitri Sirota, CEO of data protection and privacy company BigID. He said developers should consider code scanners, since they can validate software against zero-day vulnerabilities and open-source patch levels. They also should think about good practices around storing and using sensitive data, and they should do some sort of commit review appropriate for agile, so new commits can be verified for data usage, he said.


Security Compass has announced new dashboards for its SD Elements platform, which aims to provide DevOps teams with a single view that shows risks from software, infrastructure security, compliance, and policy. The new insights will allow teams to better incorporate risk management and compliance into the process of creating new software. The SD Elements platform is a risk assessment solution designed for the entire life cycle.

“Our first-of-its-kind SD Elements platform translates policies to prescriptive, measurable procedures that are used by engineering teams and business units to achieve their security and compliance objectives,” said Ehsan Foroughi, vice president of SD Elements at Security Compass. “The new risk dashboard feature is our latest innovation that leverages automation for these practices allowing organizations to review the compliance of applications across business units, while rapidly and efficiently deliver technology that is secure by design.”

Amazon announces Gadgets Skill API for Echo Button

Amazon has announced the Gadgets Skill API, which will allow developers to create game skills for Echo Buttons. Developers can make skills that will be able to respond to button presses and send actions to Echo Buttons, such as telling it to light up. Along with the release, Amazon has launched Simon Tap, a reimagined version of the classic game, Simon, that uses the Gadgets Skill API with an Echo Button. It has also released Freedom Buttons, Alpha Buzz, Color Tap, and Horse Race for Echo Buttons. A more detailed list of what each of these can do is available here.

Increasing Rust’s Reach program will run again in 2018

The Increasing Rust’s Reach program will be running again this year, the Mozilla-backed programming language team announced. The program is designed to grow Rust’s community of collaborators and leaders by matching Rust’s team members with people who are underrepresented in the Rust community and the tech industry for a period of three months.

As part of the program, they will offer a fully paid trip to one of Rust’s conferences, the choices being RustFest Paris in May, RustConf in August, or Rust Belt Rust in October.

“We believe the 2018 edition is a great opportunity, not only to simply get new people involved in the Rust project, but to also demonstrate the huge impact that even newcomers to the project can make. Rust is committed to being a friendly and inclusive project that welcomes new contributors from all sorts of backgrounds—we actively want to be a project that you want to work on, and we’re excited to learn about how we can do that better,” the team wrote in a post.

Microsoft announces reorganization to focus on building new engineering teams

Satya Nadella, CEO of Microsoft, sent a company-wide email informing employees of the creation of two new engineering teams that will work towards accelerating innovation. He announced that Terry Myerson will be leaving the company in the coming months and will work with them to ease the transition. Rajesh Jha will be leading a new Experience & Devices team, while Scott Guthrie will lead a new Cloud and AI Platform team. He also revealed that Microsoft will create a new AI and Ethics in Engineering and Research (AETHER) Committee to form internal policies and dictate how to respond to issues in an ethical way.

“We can’t let any organizational boundaries get in the way of innovation for our customers. This is why a growth mindset culture matters. Each one of us needs to push on what technology can do for people and for our world. It will take courage to keep learning and growing together — encouraging one another’s individual strengths, building more diversity and inclusion across our teams, and collaborating as One Microsoft. It’s amazing what we have been able to accomplish together, and yet I still believe we are in the very early days of what is possible,” Nadella wrote in the email.
