On June 11, NIST released Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework. While a solid piece of work in its own right, this document is noteworthy because it stands as one more proof point - in an already long list of proof points, that development processes, the developers themselves, and the organizations they belong to, ALL share some degree of responsibility (liability) for:
Untrusted Environments, Valuable Apps? Put the Protection in the App.
IT environments are evolving. Disappearing are the days of in-house, fixed-endpoint, limited access server stacks — replaced instead by a combination of private and public cloud solutions, mobile applications and IoT devices.
As noted by research firm IDC, public cloud spending now outpaces all other IT infrastructure with a growth rate topping 10 percent year-over-year, while Statista reports that users downloaded more than 178 billion apps in 2017 alone — and are on track to break 250 billion over the next few years.
What does this mean for organizations? That application environments are quickly moving beyond the purview of in-house IT, exposing both apps and network services to steadily growing risk. It creates a paradox: Companies can’t deny the benefits of third-party environments and application partnerships, but also can’t ignore the threat of app and data compromise or reverse-engineering and tampering.
In a recent developer survey, Xamarin.Android developers were 50% less likely to have included rooted device detection or anti-tamper prevention as their Java Android peers were. Yet, both sets of apps are being deployed through the same marketplaces onto the same devices and are governed by the same regulations (PCI, GDPR, HIPAA to name just a few that expect these kinds of controls).Why are more Xamarin.Android apps going unprotected?
I recently had the opportunity to sit down with Sebastian Holst, PreEmptive’s Chief Strategy Officer, to talk about his most recent trip to Capitol Hill where the topic of the day was copyright protection for small businesses – and for development shops in particular.
The life of a security architect is rarely simple. Assessing, defending and improving corporate networks requires thorough knowledge of industry best practices designed to secure critical data, combined with real-world understanding of hacker tricks and tactics meant to undermine this purpose.
As noted by the InfoSec Institute, this is an in-demand job that often comes with high expectations, odd hours and the need for constant professional evolution to stay ahead of cybercriminal threats. Complicating matters is the breakneck pace of technological advancement. The rapid rise of cloud deployments, mobile applications and IoT devices can make even best-laid security strategies seem like flies in amber — hopelessly out-of-date and effectively immobile.
Here’s a look at what’s really bugging security architects — and how they can break the mold of static security to combat emerging threats.
PreEmptive had the opportunity to send a couple of representatives to Google IO this year. IO 2019 didn't tell us what dessert starts with a Q, but it did showcase some great tools and frameworks as well as provide insight into the direction of Android:
For the third year in a row, Microsoft’s Build conference set up shop in the Washington State Convention Center, giving technology professionals a glimpse into what lies ahead for the Redmond giant.
Previous years highlighted key advancements such as Microsoft 365, the Azure Cosmos DB and Xamarin — in 2019, the company went all-in with announcements for a new Visual Studio, .NET evolution and the emergence of true Linux on Windows OS.
Here’s a look at the best of Build 2019.
Developers cite compliance cost, complexity, and confusion as slowing innovation and impeding competitive goals. With the latest Dotfuscator and DashO releases, PreEmptive Protection dramatically improves developer productivity, automation, and scalability.
Seattle, WA. Microsoft Build Conference, May 7, 2019 - PreEmptive announced today the immediate availability of Dotfuscator Professional 4.41 and DashO 10.0 Beta. These updates to the PreEmptive Protection suite reduce initial protection configuration effort by 90% and offer complete automation of many of the most sophisticated runtime controls entirely. In a just-completed developer survey incorporating responses from over 315 organizations, 77% reported that “confusion around regulatory requirements slows innovation” while 71% stated that “the cost and complexity of compliance” is making it harder to compete.