Security Archives - Code Curmudgeon

How to know when you need SBOM

Posted on February 19, 2021 by Code Curmudgeon

whiteboard sign held by man mostly obscured by it. On the sign is a simple flowchart that tells you you should use SBOM

Just for grins – people say I probably talk about Software Bill of Materials or SBOM too much. It’s definitely something I think will...

CWE Top 25 2019 and On the Cusp

Posted on November 21, 2019 by Code Curmudgeon

The CWE Top 25 has been updated for 2019. It’s the first change to this important list of cybersecurity issues since 2011. They also...

Can a word fix our cybersecurity problems

Posted on October 31, 2019 by Code Curmudgeon

DevSecOps is all the rage today – but will it fix the problems we have with AppSec, SWSec, and cybersecurity? Watch my latest video...

SCA is the Latest AppSec Silver Bullet

Posted on August 15, 2019 by Code Curmudgeon

Silver bullet business stamp isolated on a white background.

The realm of application security and cybersecurity is littered with promised silver bullets. New technologies come along and promise to solve all your old...

1 2 3 … 12 Next ›

Definitioner

SCA: SCA or software composition analysis means that you analyze what "other" software is included in your application or system. For example do you use a commercially available library, an open source library, or build OSS straight into your application. If so, then you should be scanning these from a security perspective for known vulnerabilities so you can patch and keep them up-to-date to avoid zero-day security issues.
software composition analysis (SCA): SCA or software composition analysis means that you analyze what "other" software is included in your application or system. For example do you use a commercially available library, an open source library, or build OSS straight into your application. If so, then you should be scanning these from a security perspective for known vulnerabilities so you can patch and keep them up-to-date to avoid zero-day security issues.
CAN (Controller Area Network): Controller Area Network aka CAN aka CAN Bus is a wiring standard for vehicles that enables communication between various components and devices without having a host computer. For example doors, brakes, transmission.
SAST: SAST is security testing that is done on source, byte-code, or binaries but without actually executing them - thus the "static" testing. Typically this includes things like software metrics, static code analysis and even peer review. SAST provides a white-box or inside view to the application. It can both find possible vulnerabilities and weaknesses by looking for anti-patterns as well as enforcing secure software engineering standards by looking for proper patterns.
static code analysis (4G): The 4th generation of cellular wireless standards - it's the successor the 3G. There is a vast difference between how carriers interpret and implement 4G at the current time, ranging from HSPA to WiMax to LTE, each has difference performance characteristics. The standard requires peak data rates from 100 Mbit/s for high mobility to 1Gbit/s for low mobility.
static code analysis (early-adopter): Someone who likes to have the latest and greatest things. They upgrade because something is newer, bigger, faster, has better numbers, etc. Sometimes they're right, but frequently the benefit of the new numbers is not measurable.
static code analysis (pattern-based analysis): A form of static analysis where patterns of either good or bad code are stored as rules and compared against a code base without executing the code, to find potential violations.
static analysis: Any form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code review, etc.
static code analysis (static analysis): Any form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code review, etc.