Government Security News April May 2015

More documents

Recommendations

Info

Vulnerabilities in your software? Continued from page 11 urges software developers to use the newest versions of third-party components, with the most recent vulnerability patches, as older versions are not always updated. Although time-consuming, OWASP recommends making sure all components and versions are identified and the security of these components is frequently monitored. They also suggest establishing tight security policies regarding the use of components, and consider using security wrappers around components to disable unused functionality and/or secure weak or vulnerable aspects of the component. Identification Tools Furthermore, OWASP advises developers to use tools that are specifically designed to identify vulnerabilities in third-party components and open-source software. Some examples include: Dependency-Check, an open-source tool used to scan Java and .NET applications and their dependent libraries to identify any known, publicly disclosed, vulnerabilities; as well as Retire.js, another popular tool to help detect vulnerable JavaScript components. Furthermore, solutions developed by Sonatype and Black Duck Software are also helping to address the third party component challenge. Sonatype offers a patented approach to provide software developers and security analysts with valuable data on component vulnerabilities. This data can then be integrated with other tools, such as application security testing tools, to ensure an application is void of vulnerabilities. And, Black Duck offers a range of code scanning and code matching products and services that provide users with visibility into their code assets, help them discover what open source code is used within specific applications, direct them to the code origin and code provenance, and assist them with license identification. Take the Necessary Precautions In recent years, software provid- 48 ers have become increasingly aware of potential vulnerabilities in their code and many have taken steps to reduce the weaknesses in their custom code. However, with applications using approximately 30 or more third-party components in their applications, their security measures must extend beyond their own code. All it takes is one vulnerable component to enable an attacker to gain access to mission-critical data or take down an entire enterprise. By leveraging application security testing solutions to focus on the custom code in conjunction with tools that identify vulnerabilities in third-party components, software developers will be able to more quickly find and fix weaknesses throughout the software development lifecycle and prevent malicious cyber security attacks.
AXIS introduces new launches–and new ownership Continued from page 25 workable video door station for indoor and/or outdoor use, adding two-way audio communications typically not found with door alarms to the high-definition video. The station provides a means to open the door remotely for invited visitors or to initiate a lockdown in case of emergency. It has PoE available for easy installation and can be integrated into VMS and SIP systems. Nilsson discussed the importance of Axis’ background noise-cancelling algorithms to boost audio quality, overcoming compromises such as banging delivery gates, highway and rail noise, and loud diesel truck engines in this system. This multipronged product, available in <strong>May</strong> and retailing at $1,249, was Nilsson’s favorite. Axis and Canon The unanswered question: What will be the favorite of Fujio Mitarai, CEO of Canon? Canon’s acquisition of the Swedish company is under way, with neither Axis nor Canon offering much in the way of details. Axis co-founder Gren admitted that he often said in the past that he wouldn’t sell the company, but said he saw “the industry changing with consolidation.” “Canon could provide benefits because it’s so much bigger, and had solely focused on camera lenses, folio patents, processing, production and long-term technology,” Gren said. Axis, meanwhile, always has outsourced production and could tap into resources of a company that Gren called “100 times bigger than Axis.” Axis essentially will continue to operate as it has, Gren and Nilsson said, with Gren reporting to Canon instead of the existing Axis board. On the Canon side, when asked about the acquisition, Ricardo Chen, director of B2BMarketing & Integration Support, Imaging Technologies & Communications Group, Canon USA Inc., said only that the move with Axis, as well as the purchase of Milestone Systems, a specialist in IP video management software, illustrates Canon’s “commitment to the security industry.” Both he and Scott Burkhardt, Canon’s marketing manager for B2BMarketing, pointed out that Canon has been one of the top five patent producers in the sector for the last two decades. “We know the area we want to be in,” Chen said. 49
Page 1 and 2: Government Security News APRIL/MAY
Page 3 and 4: NEWS AND FEATURES DOT Secretary Fox
Page 6 and 7: Partner Alliance for Safer Schools
Page 8 and 9: The vast amount of personal informa
Page 10 and 11: What vulnerabilities are lurking in
Page 12 and 13: Communication: Use tweets and texts
Page 15 and 16: A quiet revolution in biometrics fr
Page 17 and 18: Video Surveillance/Analytics/Video
Page 19 and 20: -based analytics at ISC West terns
Page 21 and 22: DarkFighter Network Camera Conventi
Page 23 and 24: Rigid Strength No other Pole can ma
Page 25 and 26: costs—by 50 percent, on average.
Page 27 and 28: it’s garnered from the community.
Page 29 and 30: Employing a high degree of image pr
Page 31 and 32: Dateline Phoenix: Dispatches from 2
Page 33 and 34: MIR Systems unveils mobile incident
Page 35 and 36: activity. In addition, federal bord
Page 37 and 38: Rugged HD video surveillance camera
Page 39 and 40: steadfastness and courage, her stor
Page 41 and 42: to DEA Administrator Michele Leonha
Page 43 and 44: hancement Filter allows officials t
Page 45 and 46: say they will work closely with sch
Page 47: 2015 Airport/Seaport/Border Securit
Page 51 and 52: at the World Trade Center and the N
Page 53 and 54: The News Leader in Physical, IT and

Government Security News April May 2015

Create successful ePaper yourself

Delete template?

Save as template?