Security Trends 

Bringing Secure Boot to the Core of Containers [VIDEO]

VIDEO: Matthew Garrett, principal security engineer at CoreOS, discusses his efforts to bring a root of trust from bare metal all the way to the operating system level.

Static Analysis Can 'Score' Software Security

Static analysis can be even more effective in improving software security if it is used to create quality metrics.

Why Isn't User Training a Security Priority?

Only about half of companies offer any kind of security training, a CompTIA survey found.

The Millennial Security Risk

Millennials more likely than their baby boomer counterparts to engage in risky security behavior, report finds.

TapLink Rethinks Password Security with Blind Hashing

Passwords are often a weak security link but they don't have to be, says security startup TapLink.

Making Credit Cards Unhackable

Credit card credentials are easy to obtain and difficult to secure. An unhackable credit card could be on the horizon, thanks to technology based on quantum computing.

76 Percent of Organizations Breached in 2014

QuinStreet Enterprise research outlines the scope of security challenges facing enterprises today.

Startup Spotlight: Prevoty's Application Security

Despite the growing importance of applications, the application layer is a "black hole" of enterprise security, says company's co-founder.

Google, Facebook and Microsoft on Data Privacy

Data privacy should be integrated at the beginning of product development process, tech titans agree.

IoT 'Security Hopscotch' Is No Game: Chris Roberts

Chris Roberts, in hot water after tweeting about a hack into a plane's WiFi system, describes another theoretical attack, this one against an Internet-connected appliance.

What Bruce Schneier Learned from the Sony Breach

Bruce Schneier provides guidance for organizations in the post-Sony breach world.

Cryptographer Panel Slams Government Key Escrow Idea

Experts on a cryptography panel at the RSA conference reject the idea of the U.S. government holding encryption keys.

Little Change in Security Workforce Challenges, Study Finds

Another big IT security firm finds a shortage of skilled infosec pros, again.

Manual Penetration Testing Still Crucial to Smart App Development

With automated security testing, you do not need manual penetration testing when developing apps, right? Wrong!

10 Trickiest Mobile Security Threats

Mobile apps are popular with knowledge workers and hackers alike. Which 10 mobile threats are the most problematic for security pros?

Mach37 Accelerates Security Startups

'Cyber accelerator' offers $50,000 and lots of training to security startups.

Do Threat Exchanges Work?

Sharing intelligence on security threats is an old idea getting new cred, thanks to Facebook's new Threat Exchange. But how well do such exchanges work?

Will 2015 Be Adobe Flash's Swan Song?

Following more critical zero-day exploits, Adobe's Flash platform's place in the enterprise appears as unsecure as the software itself.

Insecure Mobile Apps a Big Problem

IBM-sponsored research shows mobile app development is flawed. Big Blue now offers a new platform to help.

IBM: Over a Billion Records Leaked in 2014

A surprising 40 percent of attacks in IBM's X-Force report were listed as 'unknown.'

PCI Compliance Still a Challenge: Verizon

Verizon's 2015 PCI compliance report shows increasing point-in-time compliance even as breaches rise.

Startup Spotlight: Gurucul's Risk Analytics

Data breaches occur when identity is compromised or misused, which is why Gurucul focuses on identifying anomalous behavior that can point to identity issues.

Web Application Firewalls: Next Big Thing in Security

Web application firewalls, an especially critical component of enterprise security, are even more effective when combined with other emerging security technologies.

Why All Linux (Security) Bugs Aren't Shallow

With Heartbleed and Shellshock, the open source community realized that Linus' law can be challenged.

Google Blinks on Project Zero Security Disclosure

Common sense prevails as Google relaxes its 90-day disclosure policy for zero-day security vulnerabilities.