Security Response

Jesse Gough | 28 Aug 2008 | 0 comments

There has been much debate recently, stemming from discussions within Linux kernel development, over whether security vulnerabilities should be treated differently from ordinary software bugs. This marks a slight departure from the exhausted "full disclosure" debate: some now argue that the problem with the disclosure process is not whether it best protects users, but that it unfairly rewards those who uncover and fix security issues over those who fix regular bugs. Personally, I think there are two important distinctions that are not being made.

Security vs. Availability

Security and availability are two different things and should be treated as such. Some are quick to dispute this, pointing out that a denial-of-service attack against a life-support system would obviously be a drastic security problem. They would be right; I am not suggesting that the two are mutually exclusive. If we depend...

Jesse Gough | 26 Aug 2008 | 0 comments

The PCI Security Standards Council has released a summary of changes and clarifications for version 1.2 of the PCI DSS standard, which is scheduled for release on October 1, 2008. The Payment Card Industry Data Security Standard was established to combat the growing problem of card theft by imposing requirements that make compromises of customer card data difficult. Virtually anyone who handles or processes customer card data is familiar with these requirements, and probably equally aware of the costs of achieving and maintaining PCI compliance. For some, security is a difficult investment: you spend a lot of money and may feel that you receive no tangible or perceptible benefit afterwards. You may even have been forced to change aspects of your business to adopt processes that feel less efficient. However, several retailers are now facing serious repercussions from...

Jesse Gough | 02 Aug 2006 | 0 comments


The continued development of insecure code was a topic explored at Black Hat 2006 by speaker Paul Böhm. Paul asked why we see the same classes of coding mistakes year after year, despite more than ten years of widely documented research into the matter. The pattern cannot simply be attributed to ignorance, since these mistakes are made by novice and veteran coders alike. In fact, it is not unheard of for individuals or organizations that specialize explicitly in security to make a coding mistake that compromises the security of their own software. One notable example was a vulnerability in the grsecurity patch for the Linux kernel, where a product designed to harden the operating system instead introduced a hole that would allow a full...