Tag Archives: Practices

Following Best Coding Practices Doesn’t Always Mean Better Security

wiredmikey writes “While some best practices such as software security training are effective in getting developers to write secure code, following best practices does not necessarily lead to better security, WhiteHat Security has found. Software security controls and best practices had some impact on the actual security of organizations, but not as much as one would expect, WhiteHat Security said in its Website Security Statistics Report. The report correlated vulnerability data from tens of thousands of Websites with the software development lifecycle (SDLC) activity data obtained via a survey. But there is good news — as organizations introduced best practices in secure software development, the average number of serious vulnerabilities found per Website declined dramatically over the past two years. ‘Organizations need to understand how different parts of the SDLC affects how vulnerabilities are introduced during software development,’ Jeremiah Grossman, co-founder and CTO of WhiteHat said. Interestingly, of all the Websites tested under the study, 86 percent had at least one serious vulnerability exposed to attack every single day in 2012, and on average, resolving vulnerabilities took 193 days from the time an organization was first notified of the issue.”

Slashdot

Open Source Software: Compliance Basics And Best Practices

Editor’s note: Heather Meeker is a shareholder, and chair of the IP/IT Licensing and Transactions Group in the international law firm Greenberg Traurig LLP.

Startups stand on the shoulders of giants, developing proprietary applications on top of a software landscape that heavily leverages open source components. But as the saying goes, free software is not free, and using open source software requires that organizations understand the legal framework of open source.

TechCrunch

US Justice Dept. Sues eBay For Anti-Competitive Hiring Practices



McGruber writes “The Associated Press is reporting that the U.S. Justice Department is suing eBay for allegedly agreeing with Intuit not to hire each other’s employees. According to the article, ‘eBay’s agreement with Intuit hurt employees by lowering the salaries and benefits they might have received and deprived them of better job opportunities at the other company,’ said acting Assistant Attorney General Joseph Wayland, who is in charge of the Justice Department’s antitrust division. The division ‘has consistently taken the position that these kinds of agreements are per se (on their face) unlawful under antitrust laws.’”

Slashdot

How sourcing practices can reduce network latency

Enterprises that use Internet services in Asia for branch office connectivity continue to report latency issues. We outline what enterprises must do to minimize Internet latency and optimize application performance.
Computerworld News

Zynga Sues EA For ‘Anti-competitive’ Practices



An anonymous reader writes “In early August, Electronic Arts sued Zynga for allegedly copying EA’s Sims Social game. Zynga has now launched a counterattack, suing EA for ‘anticompetitive and unlawful business practices, including legal threats and demands for no-hire agreements.’ The company also accuses EA of copying a Zynga game called YoVille. Zynga has also demanded a jury trial to settle EA’s claims.”

Slashdot

Ask Slashdot: Best Practices For Collecting and Storing User Information?



New submitter isaaccs writes “I’m a mobile developer at a startup. My experience is in building user-facing applications, but in this case, a component of an app I’m building involves observing and collecting certain pieces of user information and then storing them in a web service. This is for purposes of analysis and ultimately functionality, not persistence. This would include some obvious items like names and e-mail addresses, and some less obvious items involving user behavior. We aim to be completely transparent and honest about what it is we’re collecting by way of our privacy disclosure. I’m an experienced developer, and I’m aware of a handful of considerations (e.g., the need to hash personal identifiers stored remotely), but I’ve seen quite a few startups caught with their pants down on security/privacy of what they’ve collected — and I’d like to avoid it to the degree reasonably possible given we can’t afford to hire an expert on the topic. I’m seeking input from the community on best-practices for data collection and the remote storage of personal (not social security numbers, but names and birthdays) information. How would you like information collected about you to be stored? If you could write your own privacy policy, what would it contain? To be clear, I’m not requesting stack or infrastructural recommendations.”

Slashdot

Google to pay $22.5M fine over privacy practices

Google will pay a historic fine to settle U.S. government charges that it violated privacy laws when it tracked via cookies users of Apple's Safari browser.
Computerworld News

Senator Seeks More Info On DOJ Location Tracking Practices



Gunkerty Jeb writes “Senator Al Franken (D-MN) is demanding answers to questions about the U.S. Department of Justice practice of gathering data from wireless providers in order to monitor individuals’ movements using mobile phone location data. In a letter (PDF) to Attorney General Eric Holder, Franken said, ‘I was further concerned to learn that in many cases, these agencies appear to be obtaining precise records of individuals’ past and current movements from carriers without first obtaining a warrant for this information. I think that these actions may violate the spirit if not the letter of the Jones decision.’”

Slashdot

Putting Plans to Work: Best Practices for Hackathon Demo Days

For anyone who enjoys (or has a knack for) planning, organizing a hackathon is not terribly difficult: it’s a matter of understanding your goals, assessing needs, and figuring out how to bridge the two. Naturally, this is much easier said than done.

The most important part of a hackathon, by far, is the demos. Why else — it’s what makes the event worth attending in the first place. Sponsoring companies wouldn’t offer money to anything that didn’t provide exposure. Developers wouldn’t forsake sleep if they couldn’t show an eager audience the hacks they built overnight.

Pulling off demos at Photo Hack Day and Photo Hack Day 2, for example, has proven to be a continuous learning process, with a much more public (and much less forgiving) learning curve. There’s no need to be a n00b, I’ve done a lot of the screwing up for you.
TechCrunch

Lawmakers question Google on its new privacy practices

Google's decision this week to share user data across its online services has caught the attention of eight members of the U.S. House of Representatives, with the lawmakers asking whether the changes will compromise privacy.
Computerworld News

Blog – Electronics Makers Have Worst Labor Practices of Any Industry, Says Report

Ira Glass resurrects a debate about treatment of workers at Foxconn.

Mining, textiles, retail—these are the industries that are most likely to violate workers’ rights, right? Nope—turns out the electronics industry is worse, according to a recent report from Oekom, a sustainable investment research firm. (For more on that report, check out the breakdown of its findings at GreenBiz.)







Technology Review RSS Feeds