The OWASP Top Ten list of security risks was created more than a decade ago to be the start of an industry standard that could bootstrap the legal system into encouraging more secure software. Here are the 2013 updates.
The massive distributed-denial-of-service attack in Europe that targeted Spamhaus could easily have been prevented if information service providers followed a 13-year-old industry best practice, ENISA's Thomas Haeberlen says.
Security firm Mandiant recently released a widely publicized report detailing cyber-espionage activity originating in China. Mandiant Director Charles Carmakal discusses the latest nation-state threats.
It isn't just the quantity of cyber-attacks that's staggering; it's the quality. The average hacker now has access to nation-state-level attack capabilities, says James Lyne of Sophos. How can organizations defend?
A 143-point drop in the Dow Jones Industrial Average proves the power of social media and the havoc it can cause when an account gets hacked. It's time for social media companies to tighten the authentication process.
The UK government pledges at Infosecurity Europe to help businesses improve cybersecurity. But it's going to take more than vouchers and training to address Europe's top threats to security and privacy.
We talk increasingly about what we have in common - global risks, threats and growing an effective security workforce. But what are the unique characteristics of individual marketplaces? That's a question I hope to answer this week in London.
To retain their customers after a breach of sensitive information, organizations should take the extra step of calling those affected to offer free credit protection services, says security expert Brian Dean.
The Boston Marathon tragedy is yet another reminder to organizations to develop alternative ways to communicate with employees during such emergencies. Otherwise, they could put their organizations' continuity plans at risk.
A rider covertly added to the law to fund the government through September requires select agencies to assess technology purchases for cyber-espionage and sabotage, a process that could make it harder to buy wares to secure IT.