The question of whether FLOSS (Free/Libre and Open-Source Software) is more or less secure than proprietary software is often not the right question to ask. The much more important question is: how can FLOSS components be integrated securely into a Secure Software Development Process? Moreover, if you think about it, the potential challenges in the secure integration of FLOSS components are also challenges in integrating other types of third-party components. As a software vendor, you are ultimately responsible for the security of the overall product, regardless of which technologies and components were used in building it (you can either read more, or watch the video of our AppSecEU presentation).
The DevOps model promises to allow software companies to ship updates to their customers significantly faster (i.e., more frequently). A key requirement for this is a high degree of test automation: this applies not only to functional testing, it is at least as important for all security testing activities, which are still often done manually or semi-automated.
Specification-based sequence testing is usually associated with various kinds of automaton models. While it is intuitive to model sequential systems (or communicating systems) as automata, there is an interesting alternative: monads. Monads have proven to be very successful in functional programming (e.g., Haskell) for representing step-wise computations. So why not use them for sequence testing?
Do you want to join a world-class computer science department and lead the establishment of an information and computer security research group? Then now is the right time to apply.
These days, it feels like news reports about data security breaches are commonplace. It looks as if the attackers won and securing IT systems is a Sisyphean task.
Combining web and native technologies creates new security challenges as, e.g., an XSS attacker becomes more powerful. For example, an XSS vulnerability might allow an attacker to access the calendar of a device or delete the address book.
We are proud to announce the release of HOL-TestGen 1.8. HOL-TestGen is a formal specification-based test environment that allows a seamless transition from verification to test case generation using symbolic computation in Isabelle/HOL.