SOFTWARE SECURITY BEST PRACTICES ARE CHANGING, FINDS NEW REPORT

Independent software vendors, along with Internet of Things and cloud vendors, are involved in a market transformation that is making them look more alike. The similarities are evident in the way they approach software security initiatives, according to a report from Synopsys.

Synopsys on Tuesday released its ninth annual Building Security in Maturity Model, or BSIMM9. The BSIMM project provides a de facto standard for assessing and then improving software security initiatives, the company said.

Based on 10 years of conducting the software study, it is clear that testing security correctly means being involved in the software development process, even as the process evolves, said Gary McGraw, vice president of security technology at Synopsys.

Using the BSIMM model, along with research from this year’s 120 participating firms, Synopsys evaluated each industry, determined its maturity, and identified which activities were present in highly successful software security initiatives, he told LinuxInsider.

“We have been tracking each of these vendors separately over the years,” McGraw said. “We are seeing that this whole cloud thing has moved beyond the hype cycle and is becoming real. As a result, the three categories of vendors are all beginning to look the same. They are all taking a similar approach to software security.”

Report Parameters

The BSIMM is a multiyear study of real-world software security initiatives based on data gathered by more than 90 individuals in 120 firms. The report is a measuring stick for software security, according to Synopsys.

Its primary intent is to provide a basis for companies to compare and contrast their own initiatives with the model’s data about what other organizations are doing. Companies participating in the study then can identify their own goals and objectives. The companies can refer to the BSIMM to determine which additional activities make sense for them.

Synopsys captured the data for the BSIMM. Oracle provided resources for data analysis.

Synopsys’ new BSIMM9 report reflects the increasingly critical role that security plays in software development.

It is no exaggeration to say that from a security perspective, businesses have targets painted on their backs due to the value that their data assets represent to cybercriminals, noted Charles King, principal analyst at Pund-IT.

“Software can provide critical lines of defense to hinder or prevent incursions, but to be effective, security needs to be implemented across the development cycle,” he told LinuxInsider. “The BSIMM9 report nails some high points by emphasizing the growing importance of cloud computing for businesses.”

Report Results

Rather than provide a how-to guide, this report reflects the current state of software security. Organizations can leverage it across various industries — including financial services, healthcare, retail, cloud and IoT — to directly compare and contrast their security approach to some of the best firms in the world.

The report explores how e-commerce has impacted software security initiatives at retail firms.

“The efforts by financial firms to proactively start Software Security Initiatives reflects how security concerns affect and are responded to differently by various industries and organizations,” said King. “Overall, the new report emphasizes the continuing relevance, importance and value of the Synopsys project.”

One key finding in the new report is the growing role played by cloud computing and its effects on security. For example, it shows more emphasis on things like containerization and orchestration, and ways of developing software that are designed for the cloud, according to McGraw.

Following are key findings from this year’s report:

  • Cloud transformation has been impacting business approaches to software security; and
  • Financial services firms have reacted to regulatory changes and started their SSIs much earlier than insurance and healthcare firms.

Retail, a new category for the report, showed remarkably fast adoption and maturity once retail companies started considering software security. In part, that is because they have been using the BSIMM to accelerate their progress.

In one sense, the report enables predicting the future, allowing users to become more like the firms that are the best in the world, according to McGraw.

“The bottom line is that we see the BSIMM is indicating a market transformation that is actually taking place. We are getting past the baloney into the brass tacks,” he said.

Structural Design

Researchers established the BSIMM framework as 115 activities divided into 12 practices, with each activity assigned to one of three levels.

Level one activities are pretty easy and a lot of firms undertake them, noted McGraw. Level two is harder and requires having done some level one activities first.

“It is not necessary, but that is what we usually see,” he said. “Level three is rocket science. Only a few firms do level three stuff.”

The researchers already had some idea of what is easy and what is hard in dealing with software security initiatives. They also know the most popular activities in each of the 12 practices.

“So we can say if you are approaching code review and you are not doing this activity, you should know that pretty much everybody else is,” said McGraw. “You should then ask yourself, ‘Why?'”

That does not mean you have to do XYZ, he added. It just means maybe you should consider why you are not doing that.

Understanding the Process

The BSIMM9 report also gives a detailed explanation of the key roles in a software security initiative, the activities that now comprise the model, and a summary of the raw data collected. It is essential to recognize the target audience for the report.

The audience is anyone responsible for creating and executing a software security initiative. Successful SSIs typically are run by a senior executive who reports to the highest levels in an organization.

They lead an internal group the researchers call the “software security group,” or SSG, charged with directly executing or facilitating the activities described in the BSIMM. The BSIMM is written with the SSG and its leadership in mind.

“We are seeing for the first time a convergence of verticals — ISVs, IoT vendors and the cloud — that used to look different in the way they approached software security,” said McGraw. “They were all doing software security stuff, but they were not doing it exactly the same way.”

Fresh Look, New Perspectives

Each year researchers talk to the same firms as well as new participants. All of the data is refreshed each year. That provides a perspective of at least 12 months — but probably, on average, a much shorter time span. There is not that much of a lag indicator involved because of the scientific methods the researchers use, according to McGraw.

The BSIMM review provides a much more objective view of what is going on in the target groups than you would get by looking at a few case studies, he noted. That was one of the study’s goals when he initiated it years ago.

“The BSIMM is the result of wanting to have real objective data without overemphasizing technology or people of particular vendors or whoever paid us money,” McGraw said.

Funding Path Essential

Under the BSIMM’s charter, the project is designed not to be profit-making but to help Synopsys break even. Firms pay for their participation in the study and sponsored events, said McGraw. Non-participants can view the report for free, but paying to participate gets the companies their own results.

This gives the paid participants a very intense look at their own software security and how it compares to others with their own data published for them, McGraw explained. The published report does not provide the data of individual firms, only collective data.

The most important outcome for participating is feedback from the community that developed among the participants, according to McGraw. Synopsys holds two annual conferences, one in the U.S. and one in the EU.

Bottom Line

Ten years ago security researchers did not know what everybody was doing regarding software security. Now firms can use the BSIMM data to guide their own firm’s approach to it, according to McGraw.

“We learned that all firms did software security slightly differently. There is no one correct way because the cultures of all the firms and their dev teams differed,” he said.

With a unified view of all the approaches used, researchers can describe in general how to approach software security and track particular activities, McGraw said.

“We didn’t come up with a particular set of prescriptive guidance. Instead, we came up with a descriptive set of facts that you can use to make great fast progress with software security,” he noted.

The Takeaway

BSIMM researchers recognize that the report data on software security never will eliminate data breaches and other software security concerns. Unfortunately, there is no first-order way to measure security, noted McGraw.

“You cannot throw software in a box that lights up red or green. We retreated to developing a look at what successful firms are doing as a way to guide other firms to be more like them,” he said, “but there is no way to measure that directly.”

Synopsys’ theory is that if you want to get out front, you first have to build better software, said McGraw. “Better security comes about with the way you build software.”

Samsung Galaxy Fold, S10 and 5G phones unveiled at Unpacked event

  • Samsung has revealed its latest S10 smartphone in San Francisco
  • Here is a hands-on first look at the Galaxy S10, S10 Plus and S10E
  • The Korean giant has unveiled a folding phone, the Samsung Galaxy Fold
  • Samsung has launched a new 5G smartphone
  • Why Samsung’s folding phone could be a blueprint of the future

Samsung has unveiled a folding phone that doubles as a tablet, which the Korean company hailed as the biggest development in smartphones in a decade.

The Samsung Galaxy Fold, which was launched alongside four other smartphones on Wednesday evening, functions as a typical smartphone but can be unfolded to a second 7.3-inch touchscreen.

The device, which will be released in April, will cost at least $1,980 (£1,516), making it by far the most expensive smartphone on the market.

It is the first of its kind from a major smartphone company, with Samsung claiming the device “answers sceptics” who claim that innovation has dried up in the industry.

Samsung’s folding smartphone that transforms into a tablet

Samsung also unveiled the latest version of its flagship smartphone line, the Galaxy S10, releasing three models that cost between £669 and £1,099.

The phones, the cheaper S10E, the S10 and the S10+, feature a fingerprint scanner embedded within the touchscreen and three rear cameras that allow for wider-angle photos.

The smartphone-maker also teased its largest phone yet, the S10 5G, which offers a 6.7-inch display and promises to be the future of smartphone connectivity. The phone will be available later this year, when 5G networks, which offer faster mobile data connections, come online.

The company is hoping 5G support will give it a leg up over Apple, which is not expected to unveil a 5G phone until next year. All these devices are capable of wirelessly charging other Samsung phones and accessories.

The Galaxy Fold in its “closed” form

Phone makers have spent years attempting to develop flexible touchscreens that allow devices to fold in two, answering consumers’ demands for ever-bigger phone screens, without sacrificing portability. Several manufacturers are now working on their own foldable phones, hoping the technology will breathe life into a saturated smartphone market.

“The Galaxy Fold breaks new ground not just because it defines categories. It breaks new ground because it answers sceptics, who say that everything has been done, that the smartphone is a mature category in a saturated market,” Samsung’s mobile chief DJ Koh said. “We are here to prove them wrong.”

Samsung said folding the phone out into a bigger-screened version will allow multi-tasking features such as split-screen apps and better video watching.

However, the high price of the device means it is likely to sell in small numbers. Some versions are likely to sell for more than $2,000, just 18 months after Apple introduced the first $1,000 phone.

The presentations are winding down, and Samsung has left us with their vision of the future in their latest commercial featuring the classic song made famous by Doris Day.

But there’s more to come, keep up to date with the latest Samsung news here and follow @JamesTitcomb on the ground as he elbows everyone out of the way for a first look at the folding phone.

Samsung’s 5G phone

The Galaxy S10 5G is being introduced with a fanfare – a 6.7 inch display that promises to be the future of smartphone connectivity.

This is the biggest screen on a Galaxy device. It comes with a 25-watt charger, so it will charge a lot faster. It has a 3D depth-sensing camera.

Verizon customers will be the first to receive the handsets.

New smartwatch with a full week’s charge

Samsung’s new Galaxy watch features a battery that lasts up to a week and can continually analyse your stages of sleep – this is a huge part of the company’s push into healthcare.

The watches include heart monitors and “continuous stress tracking when life gets overwhelming”.

Galaxy Buds with Bixby

Samsung has just launched wireless, Apple-style earbuds. Hot take from the Samsung stage: “They are so cool”.

They feature a high-efficiency chipset that allows for 5 hours of calls on a single charge. They are also Bixby-enabled, so you can interact with them remotely and give them instructions (and why wouldn’t you?). They will be available from March.

Incidentally, Bixby can now apparently tell the difference between the Queen’s English and English from Queens (cue laughter from stage). Samsung’s AI assistant also understands three different languages.

S10 price starts at £799 and will be available from March 8

The Samsung Galaxy S10 will start at £799, up to £999. The S10 Plus will start at £899 with a £1,099 version. The S10E will begin at £669.

You can find pre-order details on the Samsung Galaxy S10 here.

Samsung bets on Instagram feature with the S10

The S10 presentation featured Instagram chief executive Adam Mosseri, who presented an “Instagram mode” that will allow users to quickly post any photo onto the social media site.

Of course, there was a rather awkward selfie on stage with DJ Koh….

Here is everything you need to know about the new S10

Matt Field has gone through all of the bells and whistles of the new phones here – here are the highlights and how they differ from the S9.

S10 specs

First photos of the Samsung S10

Here’s the S10

The S10 introduction has come hot on the heels of the Samsung Galaxy Fold. But what does it bring to the table? Read Matthew Field’s guide to the new devices to find out more.

Forget the £1,000 smartphone.

“Samsung just announced the price of the Fold – $1,980 and up – and the crowd here literally went ‘ooooooooh’ like a pantomime,” says James Titcomb.

The era for smartphone innovation is not over

DJ Koh of Samsung presents the Galaxy Fold.

Samsung chief executive DJ Koh said that the company will prove critics wrong with the lineup of products and services launched this evening. He said:

“The Galaxy Fold breaks new ground not just because it defines categories. It breaks new ground because it answers sceptics, who say that everything has been done, that the Smartphone is a mature category in a saturated market, we are here to prove them wrong”

“Today marks a new beginning, a shift.

“The next decade of progress and innovation. I am excited by what we have achieved, but I am even more excited by what we have enabled.”

Samsung Galaxy Fold: Price and availability

The new device will cost $1,980 (£1,516) and will be available from April 26.

Six cameras, but kind of clunky


Galaxy Fold: the specs

The new Galaxy Fold has a 9nm processor and 12GB of RAM, making it one of the most powerful smartphones on the market (and ever). It has 512GB of on board memory. Because the phone folds up like a tablet from essentially two “smartphone” bodies, it has a dual battery, one in each side of the device that link together.

Samsung has claimed that the Galaxy Fold will fit in the palm of the hand when it’s folded.

Galaxy Fold, revealed

It’s here – within a couple of minutes of the launch, we’ve seen the first official photo of the foldable phone. The first official description is “It’s gorgeous”.

Samsung has called the new device part of a “whole new category” and confirmed the name: Samsung Galaxy Fold – with a 7.3-inch folding infinity display that folds the phone out into a tablet.

Samsung says it has invented a whole new hinge system with “multiple interlocking gears” that are hidden away.

And… here we go

It’s kicked off in San Francisco, with some distinctly creepy music. It looks like they are starting with the folding phone…


The expert’s take

We’ve been stuck in a camera race, Peter Jarich of analyst firm GSMA Intelligence argues, as smartphone makers have struggled to stand out with a “series of black rectangles”.

“If you’re trying to convince people to buy, then foldable is the way to go, ” he says. “This is all taking place at the same time as 5G. Will this have 5G? Doubtful.”

Could Samsung launch the iPhone killer?

Samsung’s launch today could provide the smartphone market with a much-needed jolt this year. In January, Samsung was forced to issue a profit warning as sales fell 11pc and profits dropped 29pc on the back of slowing phone and chip sales, just days after Apple cut its sales forecast due to an economic slowdown.

So can the S10, a foldable phone or a 5G device turn the tide? One market analyst told us this evening that the smartphone market is so competitive that Samsung can’t afford not to try. “What if this were the next big thing and they missed out on it?”

Live from San Francisco

James Titcomb (@jamestitcomb) is up and running from the launch in San Francisco. First thoughts?

“Samsung has to pull off the trick of convincing us that the S10 matters and is worth buying, and that phones these days are so boring that you need one that folds in half.”


A folding phone is on the cards

Rumours ahead of the launch included a foldable phone, nicknamed Samsung Galaxy X or Galaxy F (for fold), which was teased back in November. It would be a first for the technology company and could be a game-changer in the smartphone market.

Why foldable phones are the next big thing

But that’s not all. Several rivals are rumoured to be launching 5G smartphones at Mobile World Congress next month, which could prompt Samsung to release a rival product today.

Here’s what we know so far

Samsung’s main new phone tonight is expected to be the Samsung Galaxy S10. It is due to feature some “very significant” design changes, according to Samsung’s mobile chief executive DJ Koh. You can read all the rumours here – but we’re expecting more cameras, more memory and a larger display.

Bezos Selfie Controversy Triggers Alarm For Billionaires Worldwide

Even the world’s richest person couldn’t stop a nude selfie leak.

When Jeff Bezos alleged in a blog post Thursday that he was the victim of blackmail attempts by the publisher of the National Enquirer, he underscored risks particular to billionaires in the digital age.

“The perception among very affluent people is often ‘I have this level of wealth, I’m untouchable,’” said Mark Johnson, chief executive officer of Sovereign Intelligence, a McLean, Virginia-based risk analytics firm. “But the systems they have in place for protecting their personal identifiable information are very weak.”

Ask any family office about its biggest fears and cybersecurity is near the top. Personal protection no longer involves just bodyguards and a top-notch alarm system. The internet age has seen a massive shift in people storing their most sensitive and personal data online, where it’s vulnerable to hacking and intrusion.

‘Absolute Disconnect’

Ultra-wealthy individuals are particularly susceptible because so much of their data are often centralized through family offices, which typically lack the robust firewalls and encryption capabilities of banks and large corporations.

Johnson, a former case officer with the Naval Criminal Investigative Service, said he’s worked with clients with more than $40 billion in assets who had a “Secret Service-type physical security — probably even better — and yet there was an absolute disconnect between that physical security and the digital protection.”

It’s unclear how the tabloid obtained Bezos’s texts. The Amazon.com Inc. founder, who has a net worth of $133.9 billion, said in his blog post that he’d authorized security chief Gavin de Becker “to proceed with whatever budget he needed” to get to the bottom of the leak.

Security experts say potential entry points for a digital invasion are numerous.

‘Legacy Risks’

“We all have devices we carry and they each have their own point of vulnerability,” said Kris Coleman, founder of intelligence-services firm Red Five Security.

Banking information, identity data, even health information and travel schedules can expose someone to a breach. Those in billionaires’ inner circles are a particular risk for the information they have access to and could share, either maliciously or inadvertently.

“Private, affluent families need to consider themselves targets that are on par with nation states,” Coleman said.

Coleman and Johnson are both members of RANE, a network of risk-management professionals from banks, law firms, family offices and corporations.

The wealthy aren’t just at risk of losing money through hacks. Their brands, reputations — or, in family office parlance, “legacy” — also can be damaged. On Tuesday, news website Splinter published a trove of racist emails sent and received by TD Ameritrade Holding Corp. founder Joe Ricketts that included anti-Muslim slurs and conspiracy theories. Ricketts, whose family owns the Chicago Cubs, issued a statement on his personal website, apologizing for remarks “that don’t reflect my value system.”

Protecting Zuckerberg

Providing security services to the growing ranks of the super-rich is an expanding field. Federal agents and military personnel, including former Navy Seals, Secret Service and Mossad agents, SWAT team operators and Scotland Yard detectives, have found second careers protecting billionaires, where they can earn double what they did working for the government.

Facebook Inc. spent $7.3 million in 2017 on personal security for CEO Mark Zuckerberg, an expense the company defended as necessary considering his “position and importance.” Last year, the firm said it would give him an additional $10 million annually to beef up his security. Its executive protection program is run by an ex-Secret Service agent, according to her LinkedIn profile.

Amazon spent $1.6 million last year on security for Bezos, according to regulatory filings. His Bezos Family Foundation also has taken physical precautions. For example, the foundation’s mailing address is a post office box in a nondescript strip mall in the Seattle area.

De Becker, a best-selling author, made his name as a security consultant to Hollywood celebrities and co-created MOSAIC, an assessment tool that was originally used to analyze threats against Supreme Court justices and members of Congress. He describes himself on the firm’s website as “the nation’s leading expert on the protection of public figures.”

Red Five’s Coleman didn’t express shock that Bezos’s racy text messages were vulnerable.

“My message to affluent families: don’t assume you’re OK,” Coleman said. “Because most of them aren’t.”

OPPO Completes World’s First 5G Multi-party Video Call

OPPO, a global smartphone brand, has become the first smartphone technology company to complete a multiparty video conferencing call on a 5G network.

OPPO is increasingly gaining attention all over the world for its classy smartphone designs, unbelievable camera quality, seamless user experience and, most recently, its 5G capabilities.

Engineers from six different OPPO Research and Development institutes around the world participated in the video call using WeChat, a popular Chinese social media app, with “Hello OPPO, Hello 5G” being the first words spoken.

This breakthrough makes OPPO the first smartphone technology company in the world to make a multiparty video call on a 5G network. Earlier this year, OPPO was the first company in the world to complete 5G signaling and data connections on a smartphone.

Completing the first multiparty 5G video call on a smartphone further shows OPPO’s technological edge in the development of 5G smartphones and brings the company a step closer to being one of the first manufacturers to release 5G smartphones commercially in 2019.

Founder, President and CEO of OPPO, Tony Chen, stressed at the recent OPPO Technology Exhibition in Shenzhen, that “OPPO will fully integrate 5G with applications and user insights, and continuously innovate to provide users with revolutionary, necessary, convenient and seamless experiences.”

OPPO is an innovative smartphone brand ranked No. 4 in the world according to IDC. As of today, OPPO provides cutting-edge smartphones to over 200 million people all over the world. OPPO is popular for its stylish smartphone designs, quality photography experience and the status symbol it provides to its users.
