Static analysis can be even more effective in improving software security if it is used to create quality metrics.
Only about half of companies offer any kind of security training, a CompTIA survey found.
Millennials more likely than their baby boomer counterparts to engage in risky security behavior, report finds.
Passwords are often a weak security link but they don't have to be, says security startup TapLink.
Credit card credentials are easy to obtain and difficult to secure. An unhackable credit card could be on the horizon, thanks to technology based on quantum computing.
QuinStreet Enterprise research outlines the scope of security challenges facing enterprises today.
Despite the growing importance of applications, the application layer is a "black hole" of enterprise security, says company's co-founder.
Data privacy should be integrated at the beginning of product development process, tech titans agree.
Chris Roberts, in hot water after tweeting about a hack into a plane's WiFi system, describes another theoretical attack, this one against an Internet-connected appliance.
Bruce Schneier provides guidance for organizations in the post-Sony breach world.
Experts on a cryptography panel at the RSA conference reject the idea of the U.S. government holding encryption keys.
Another big IT security firm finds a shortage of skilled infosec pros, again.
With automated security testing, you do not need manual penetration testing when developing apps, right? Wrong!
Mobile apps are popular with knowledge workers and hackers alike. Which 10 mobile threats are the most problematic for security pros?
'Cyber accelerator' offers $50,000 and lots of training to security startups.
Sharing intelligence on security threats is an old idea getting new cred, thanks to Facebook's new Threat Exchange. But how well do such exchanges work?
Following more critical zero-day exploits, Adobe's Flash platform's place in the enterprise appears as unsecure as the software itself.
IBM-sponsored research shows mobile app development is flawed. Big Blue now offers a new platform to help.
A surprising 40 percent of attacks in IBM's X-Force report were listed as 'unknown.'
Verizon's 2015 PCI compliance report shows increasing point-in-time compliance even as breaches rise.
Data breaches occur when identity is compromised or misused, which is why Gurucul focuses on identifying anomalous behavior that can point to identity issues.
Web application firewalls, an especially critical component of enterprise security, are even more effective when combined with other emerging security technologies.
With Heartbleed and Shellshock, the open source community realized that Linus' law can be challenged.
Common sense prevails as Google relaxes its 90-day disclosure policy for zero-day security vulnerabilities.
Crowdstrike's Global Threat Intel report details tactics used in nation-state attacks.
- What are the top Android security apps?
- What are the top Android security risks?
- What are today's top cyber threats?
- What's the most secure way to delete data?
- How does hard drive encryption work?
- Is old software inherently insecure?
- Are Macs immune to malware?
- How can BYOD risk be managed?
- Which web browser is the most secure?
- How do I protect my iOS device?
- What are the top iPhone security apps?
- How do I secure my wireless network?
- Are public Wi-Fi hotspots safe?