ENISA: ADVANCING SOFTWARE SECURITY IN THE EU

While I was looking for some resources for a presentation, I found this interesting lecture from ENISA.

Advancing Software Security in the EU (PDF document, 622 KB)

This study discusses some key elements of software security and provides a concise overview of the most relevant existing approaches and standards, while identifying shortcomings in the secure software development landscape related to different inherent aspects of the process. Lastly, it provides a number of practical considerations relevant to the different aspects of software development within the newly established EU cybersecurity certification framework and the EU cybersecurity certification schemes.

Fundamental security principles are often overlooked during software development. This is because security is a non-functional feature. Functional requirements are about the behaviour of the system towards the outside world (e.g. a user), whereas non-functional requirements are mainly about the internal mechanisms. Many security requirements are non-functional; for example, how to store passwords in a database.

Security requirements originate from different sources, such as:
– explicit functional and non-functional requests from user(s),
– requirements and obligations originating from the underlying legal framework,
– requirements that are considered as best practices, company policies, in widely accepted guidelines, from threat…



BSI: Die Lage der IT-Sicherheit in Deutschland (The State of IT Security in Germany, German)

Source: https://www.bsi.bund.de/DE/Service-Navi/Publikationen/Lagebericht/lagebericht_node.html

Malware situation: The past year was marked by a significant expansion of cyber-criminal extortion methods. Not only did the number of malware variants at times rise rapidly, with up to 553,000 new variants per day, the highest value ever measured (see chapter "Neue Schadprogramm-Varianten", page 11); the quality of the attacks also continued to increase considerably.
https://multimedia.gsb.bund.de/BSI/Video/Lagebericht/2021/lagebericht-1-Schadprogramm-Varianten.mp4

The main threats: cyber extortion is developing into the greatest threat (ransomware)
https://multimedia.gsb.bund.de/BSI/Video/Lagebericht/2021/lagebericht-2-Ransomware.mp4

Vulnerabilities
https://multimedia.gsb.bund.de/BSI/Video/Lagebericht/2021/Lagebericht-3-MS-Exchange-Schwachstellen.mp4

The human factor

More in the BSI PDF document here: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2021.pdf?__blob=publicationFile&v=3


Cyber Diplomacy – a course from UN Office for Disarmament Affairs

I just finished the online course “Cyber Diplomacy”, a course from the United Nations Office for Disarmament Affairs. For me it was interesting to find out how much from the real world has already been applied to the cybersecurity world. Unfortunately, by seeing this, I realized that actually nobody cares about these UN resolutions. For example, did you know that a country should not allow hackers to perform attacks on another country from within its territory? And how should this be controlled? We hear almost every week that Russia, China, Iran, North Korea, and many more are performing cyberattacks on “their enemies” (observe the quotes). If they are members of the UN (click the links above to see details).

Conclusion: The course is interesting, even if you don’t actually learn new concepts about cybersecurity. You do learn how seriously cybersecurity is being taken by the UN. And this is good…




New Android app for IT Security News with push notifications

ITSecurityNews.info is my security news aggregator, which collects RSS feeds and publishes them in WordPress automatically. A long time ago I created an app using AppSpotr, but since then things have changed. So, I decided to write one myself. Of course, not from scratch: I took an open source project called fNotifier and adapted it to my needs. The app keeps running as a service and regularly polls for new feeds (see the Settings screenshot below).

And after one rejection due to policies, it was approved in the Play Store: https://play.google.com/store/apps/details?id=org.itsecuritynews

It is actually enough to visit the website on a mobile device and you will immediately see, at the top of the page, an offer to install the app.



Twitter is strange when it comes to business accounts

I created my company’s Twitter account, called @EndpointCS. Obviously, I tried to add the birth date of the company: 1.1.2015. Well, imagine what happened next with my brand new account: it got locked because the owner of the account must be at least 13 years old. And my company is only 6 years old. I had to submit a photo of my ID in order to get it unlocked. Fortunately, and very surprisingly for me, the process took a few minutes. Did they automate it? I think so… otherwise it couldn’t have been so fast.

So, Twitter, get your processes straight. In case you’re wondering, there is no official way to set up a business account. You still need a person to create it and mark it as such. And that person must be 13 years or older. 🙂


Stack Overflow introduces … erm… copy/paste limitations

If you use Stack Overflow today, you will be surprised to see this popup:

This has caused an explosion of Reddit comments here: https://www.reddit.com/r/webdev/comments/mhkume/stack_overflows_new_copypaste_limit/

When you click on “Learn More”, you get to see this: Aha, 3 keys for $39.99 … riiiight 🙂

If you click on “Pre-order”, you get to see this:

April Fools joke. Hahahahah 🙂

But those guys from Reddit didn’t laugh, at the beginning. 🙂


A post about searching a software developer on LinkedIn that didn’t go as planned

I was and still am in need of a freelance Android developer with experience in Java. After trying all other possibilities (my own network), I decided to post the job on LinkedIn. Due to the special requirements of the project, I needed a very close and good cooperation between myself, the customer and the developer. For this reason, I asked in my post on LinkedIn to be contacted by freelancers in the CET +/- 2 time zone. Now, if you look at a map, this means approximately from Turkey in the East to Portugal in the West. I did not mention restrictions on nations because I have no prejudices about whom I work with. I work now, and have worked in the past, with people from all around the world, and I can really work with anybody. I published it on Thursday, 18.2.2021; on Friday I closed the comments, and finally I erased it on Saturday, 20.2.2021, in the evening.

Let’s have a closer look at the post.

I wrote specifically: I need an experienced freelancer; PM me only if you meet this requirement… “Companies are excluded”, because I want to build a long-term relationship with that person.

Let’s…


The Virus Bulletin Conference 2020 VBLocalhost is live and my video presentation is there

Here is the conference link: https://vblocalhost.com/conference/ You need to register first (free).

Here is my paper: One year later: challenges for young anti-malware products today

I have to say that the VB team did a good job with the editing 🙂

I think I was too nice with Defender :))) What do you think?

Here are some, more or less, funny facts about the session filmed:
- I did the recording in one day, just before leaving on vacation.
- I needed more than 8 hours to do it.
- I filmed myself 10 times, 8 of them from start to end.
- A few times I made mistakes.
- A few times my children made some noises.
- Once the post came.
- Once the cat started to meow so loudly in front of my office door that I had to stop.
- The 8th attempt was the one you see there, and it was taken in two parts.


