STE WILLIAMS

Top 5 IT Risk Management Resolutions For 2014

As IT risk management and security professionals steel themselves for another year of high-profile breaches, increasingly sophisticated attacks and continued regulatory scrutiny on their controls, now may be the perfect time to re-examine risk management priorities. While every organization is unique, risk management pundits believe there are certain common initiatives that could stand more attention among many enterprises. The following five resolutions, listed in no particular order, are among the top ways that risk managers can take their practices to the next level in 2014.

Resolution #1: Improving Third-Party Risk Management

As more breaches and security incidents caused by third parties make the news, enterprises and regulatory bodies alike are sharpening their focus on risks posed by vendors and partners entrusted with their data. Andrew Wild, CSO of Qualys, expects third-party risk management to be a key area of focus for IT risk professionals this year.

“The growing reliance upon third parties requires a mature third party risk management program to ensure risks are properly identified, assessed and managed,” Wild says, pointing to new regulatory requirements such as the guidance issued for banking institutions by the U.S. Office of the Comptroller of the Currency. “However, even organizations with no regulatory or compliance program requirements for third party risk management face increased scrutiny from customers about third party risk management.”

Resolution #2: Tune Risk Management For Greater Flexibility And Response
Targeted and stealthy attacks will continue to press security practitioners to change their methods to deal with them.

“The damage generated by those targeted attacks will be significant enough to drive further migration from static border protection and access control-based security programs, to dynamic programs that analyze new threats and risks on a daily basis and drive upgrades, updates and system changes,” says Rich Dakin, chief security strategist for Coalfire.

This, of course, means that risk analysis needs to advance way beyond simple yearly risk assessments if risk managers are to make meaningful calculations that can drive decisions about IT infrastructure and processes. Not only should organizations be seeking better ways to feed real-time information into risk assessments, but they also should be seeking ways to more quickly adjust existing technology according to those assessments rather than simply trying to buy their way out of newly identified risks.

“Businesses often assume they need new controls to address subsequent risks, but often times they can adjust existing controls to address new risks,” says Gerrit Lansing, director of consulting services for CyberArk Software.

Resolution #3: Use More Data To Assess Risks
Part of that push to a more evolved risk assessment involves better incorporation of data into the process. As important as questionnaires and the like may be to understanding processes and practices, data mined from security technologies and IT infrastructure are equally important to validate that the assumptions made when answering questions are truly valid.

“Many organizations do not utilize the facts and data that are present in their environment,” says Amad Fida, CEO of Brinqa. “They miss the opportunity to analyze and correlate those responses with security data from their systems and controls they have in place.”

Resolution #4: Collaborate With Business Users For More Pervasive Risk Management
The security elite have long preached the need for better alignment between IT security practices and the business. That starts first with increased collaboration in the risk-management process between risk managers and business users both inside and outside the organization, says Yo Delmar, vice president for MetricStream.

“Essentially risk, compliance, and security functions will have inputs from the first line of defense business users, suppliers, franchisees, and so on,” Delmar says, explaining that means providing a risk management platform that supports widespread usage for these users. “Risk management will increasingly be tied with performance management and will be available at the ‘point’ of action for business users. For example, if a company is working with high risk vendors, it will not be enough to just do an assessment of the vendor regularly, but rather systematically tie performance indicators and negotiations for renewals to that vendor risk assessment directly.”

Resolution #5: Balance Preventative Controls With Detective Controls
More organizations should resolve themselves to improve the balance between preventative and detective controls, Wild says.

“In the past, many companies almost exclusively relied on preventative controls, which is not 100% effective,” he explains. “Because of this, the use of detective controls to ensure security incidents that aren’t prevented can be discovered, contained and remediated.”

At the end of the day, this balance should be driven by a solid risk management-based security framework.

Article source: http://www.darkreading.com/risk/top-5-it-risk-management-resolutions-for/240165296

Malware suspected in Japanese nuclear plant control room – but don’t panic

The control centre of a nuclear power plant really doesn’t sound like the sort of place you’d want to see a malware infection.

So, when we hear that an infection is suspected to have hit a machine at a Japanese plant, it raises immediate fears of cyber-terrorism, or at the very least advanced state-sponsored espionage.

But in this case at least there seems to be not too much to worry about. This was no Stuxnet, and no first-strike superweapon cruelly targeting a nation already overburdened with nuclear tragedies.

From the sound of it, it seems like little more than incompetence and lack of proper caution in what is without doubt a sensitive setting, but is perhaps not quite as dangerous a place as it might at first sound.

Piecing together what little information can be gleaned from local news sources and specialist nuclear industry watchers, it would appear that the machine in question was one of eight in the control room at the Monju plant near Tsuruga, Fukui Prefecture.

Unusual behaviour was spotted by an admin on January 2nd, with over 30 unexpected connections made, thought to originate from South Korea.

Investigations are still ongoing, but it seems the system in question was not pivotal to the safety of the plant. The shared-use machine did however contain data including a large amount of employee email and training information which may have been leaked by the compromise.

Monju is a prototype sodium-cooled fast breeder reactor, commissioned in the mid-1990s, but only managed a few months of running before a sodium leak led to a major fire, following which the reactor was shut down for fifteen years.

A restart in 2010 was also short-lived, and the whole project has teetered between tentative restart plans and total abandonment ever since.

So, a non-serious infection on a non-crucial machine at a non-operational plant. But there may still be some lessons to be learnt here.

The suspected infection is said to have occurred “after an employee updated free software”, with the product in question elsewhere described as “video playback software”.

Of course, when we hear “video” and “update” in a malware context, we immediately think of the “fake codec” attack technique which was so popular 4-5 years back, but surely this can’t be a revival?

Either way, it seems like the plant’s IT is not too well protected, and is running freeware video software which any user can tinker with at will.

It’s probably fairly tedious work manning a long-defunct and slowly dying plant, and maybe the odd cat video can help kill some time, but that’s no excuse for sloppy security practices.

In any business setting, software should only be running if it is approved and maintained by IT staff, who should keep a close eye on any updates to make sure they don’t include any connecting-repeatedly-to-somewhere-they-shouldn’t components. This applies to all machines, however non-mission-critical they may be.

And even if your nuclear plant isn’t running at full speed, you can’t just put your feet up and ignore safety matters, Homer Simpson style.

There’s going to be all kinds of dangerous material around that needs to be properly monitored and maintained, so your IT setup still needs to be held up to higher standards than most businesses.

The Monju plant sounds like it has a pretty shabby record of safety, with reports of thousands of items of equipment being missed off checking schedules, and even attempts to cover up incidents.

A minor malware infection may not sound as serious as leaking radioactive material, but it should be seen as an indicator of potentially bigger problems to come.

It’s a sign that admins are not keeping a tight enough rein on their IT systems, and that users are not treating them with the respect and caution they deserve.

So, no cause for panic, but perhaps some cause for concern.


Image of nuclear power courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/UoiyoReowPk/

Hacker Guccifer’s latest star-studded data bounty included script for ‘Downton Abbey’ finale

Oh, the humanity: it was revealed on Monday that Guccifer, a notorious hacker with an inordinate fondness for celebrity targets, swiped the script for the fourth-season finale of rave TV show “Downton Abbey” six months before it aired in England.

Oh, what a spoiler-avoiding relief: he/she/they didn’t publish it.

The Smoking Gun, which has reportedly been talking with the hacker, on Monday received and published a star-studded roster of new Guccifer victims.

(Following The Smoking Gun’s lead, we’ll refer to Guccifer as “he” for the rest of the article.)

With apparently neither rhyme nor reason to explain the targeting, the list spans entertainers, industrialists, academics, diplomats, financiers, government and military officials, and journalists, the Smoking Gun reports.

Some of the names:

  • Comedian Steve Martin
  • Editor Tina Brown
  • Ex-Nixon aide John Dean
  • Author Kitty Kelley
  • Actress Mariel Hemingway
  • Three members of the UK’s House of Lords
  • A former Air Force secretary
  • The CEO/chairman of insurance conglomerate MetLife
  • A Pulitzer Prize winner

Past victims have also included Corina Cretu, a Romanian journalist and former director of Romania’s domestic intelligence service, and former US Secretary of State Colin Powell.

In fact, Powell, who had his email breached when Guccifer doxed ex-president George Bush and then had his Facebook page defaced, found himself having to deny Guccifer-spawned allegations of an affair with Cretu.

The Smoking Gun reports that the archive Guccifer handed over shows that the hacker has accessed email correspondence, contact lists, phone records, personal photos, online storage sites, and a wide range of confidential financial documents, including credit card, banking, and investment statements.

From the Smoking Gun’s article:

Included in the archive are documents amounting to the hacker’s work product, such as text files recording an individual victim’s name, e-mail address, original account password, and the replacement password used by “Guccifer.” For instance, when the hacker broke into Powell’s email account, the password was changed to “ASSHOLEANON.” After breaching the Comcast email account of John Negroponte, a former U.S. ambassador to the United Nations, “Guccifer” reset the password to “hondbabykill1,” an apparent reference to Negroponte’s prior role as U.S. ambassador to Honduras, where American officials supported a military dictatorship suspected of killing and torturing dissidents.

The more Guccifer hacks, the wider Guccifer’s potential circle of targets: he has picked up cell phone numbers of Robert Redford and Warren Beatty, and the private email addresses for Nicole Kidman, Leonardo DiCaprio, and other celebrities, the Smoking Gun says.

The list goes on. And on. And on. For the full Hollywood/Washington/London who’s who victim roster, check out the news outlet’s article.

As far as how he managed to hack an array of email providers including Comcast, Cox, Gmail, Yahoo, AOL, Earthlink, Verizon, and the British-based Btinternet, Guccifer didn’t cough up any details.

But given that the Guccifer archive shows that he reviewed Wikipedia pages of prospective victims, the hacker likely made some good guesses to security questions, the Smoking Gun suggests.

Guccifer reportedly told the Smoking Gun that he turned over his archive “just in case I am busted.”

Will publishing the data help investigators to track him down?

Guccifer isn’t sweating it, as he told the Smoking Gun:

NO I am not concerned, i think i switch the proxies go to play some backgammon on yahoo watch tv, play with my family and daughter.

He also told the news outlet of buying a “new powerful computer” to help him keep hacking and get “back in business”.

The archive of the hacker’s targets shows a dizzying array of entertainers, writers, and government and military officials, meaning that even more sensitive data (I know, hard to imagine anything more sensitive than a Downton spoiler) has been accessed.

That means, of course, that such sensitive data could still be published.

Guccifer’s sign-off for one email certainly isn’t reassuring.

To wit:

HAAAACKKKK!

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/hoi6O7J5u7o/

Sophos Techknow – Understanding Botnets [PODCAST]

Welcome to another episode of Techknow, the podcast in which Sophos experts debate, explore and explain the often baffling world of computer security.

Botnets, short for robot networks, are more than just malware: they’re the money making machinery of modern cybercriminals.

In this episode of our Techknow podcast series, Paul Ducklin and James Wyke help you to understand the What, How and Why of this troublesome topic.

The result is an entertaining and educational podcast that’s suitable for everyone from sysadmins to home surfers.

Botnets typically make money by stealing your data for resale in the cybercriminal underground, and by “borrowing” your computer and your internet connection to aid and abet other cybercriminal activities.

Without getting bogged down in jargon or in technicality, Paul and James give you motivation and advice for fighting against these modern-day digital zombies.

Remember: bots take over your computer to attack other people, so if you aren’t part of the solution, you’re part of the problem!

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/MgyaOXmc4dw/

Snapchat blurts out the S-word

Team Snapchat, as it calls itself, has finally used the S-word.

Over Christmas 2013, the selfie-sharing site was confronted with warnings that its “find a friend by phone number” service was open to abuse.

Snapchat wrote off the risk as “theoretical.”

We’ll assume that Snapchat didn’t mean to throw down the gauntlet with its choice of words, but that seems to have been the outcome.

By New Year 2014, the selfie-sharing site was confronted with an online data dump of 4,600,000 usernames and phone numbers, apparently acquired by means of this “theoretical” attack.

→ Fair enough, an attack can’t be possible in practice without also being possible in theory, so Snapchat’s claim was true. But the phrase “theoretical attack” is a loaded one, typically implying that the attack should be considered highly unlikely.

Clearly, the anti-data-scraping protection Snapchat claimed to have put in place hadn’t worked that well.

Nevertheless, the company’s curious response was to avoid apologising, suggesting instead that it had as good as closed the door on the attack through smart programming.

(Perhaps it meant that its preventative measures were merely “theoretical”?)

Honour, however, has now been restored, with Snapchat having recently issued a short statement that includes an apology:

This morning we released a Snapchat update for Android and iOS that improves Find Friends functionality and allows Snapchatters to opt-out of linking their phone number with their username. This option is available in Settings Mobile #.

This update also requires new Snapchatters to verify their phone number before using the Find Friends service.

Our team continues to make improvements to the Snapchat service to prevent future attempts to abuse our API. We are sorry for any problems this issue may have caused you and we really appreciate your patience and support.

From the announcement, it sounds as though you will have to enter a phone number – and verify it, presumably by replying to an SMS or emailing back a registration code – before you can look up other people by phone number.

That seems reasonable, as a way of making you accountable for what you subsequently do with the service.

What’s not so reasonable is that if you want your own number to be unsearchable, you have to remember to go and opt out. (Presumably, therefore, everyone is searchable at least briefly, because you can’t opt out until after you’ve handed over your number.)

Theoretically, at least, things really ought to be the other way around, where you subsequently opt in if you want your number to be found by others.

Of course, it would be a little unfair to pick on Snapchat over its choice of opt-out here.

Sadly, opt-out is the direction that online services prefer, at least where permitted by law, and the direction that we collectively seem to have accepted.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/DPwEeinI-DM/

Snapchat vows to shut its hole in wake of 4.6 million user data breach

Mobile image-sharer Snapchat has promised an update to its service to seal off a security hole that allowed hackers to harvest the account details of some 4.6 million users.

The company said that its update will allow users to opt out of the Find Friends system and prevent others from looking up their account information through address books. In doing so, users will no longer appear in results when others seek to match their address book numbers with potential Snapchat friends.


“When we first built Snapchat, we had a difficult time finding other friends that were using the service,” Snapchat told users. “We wanted a way to find friends in our address book that were also using Snapchat – so we created Find Friends.”

The move looks to close a security hole in the Snapchat service which left users subject to a “brute force” hacking process in which an attacker could build a database of contact information by uploading an archive of phone numbers to the service and saving those which returned links for Snapchat users.

Such methods were described by researchers at security firm Gibson Security, who claim to have notified Snapchat of the flaw several months ago. The company said that by exploiting flaws in the Snapchat API, the process of searching and collecting account information for mobile spam and other services could be largely automated.

Though initially dismissed by Snapchat as a “theoretical” flaw, the vulnerability was soon seized upon to build a partially secured archive of 4.6 million user names and phone numbers.

Snapchat said that in addition to implementing an opt-out for Find Friends, the company is updating its systems to help prevent automated brute force attacks or exploits.

According to security vendor AdaptiveMobile, the leaked numbers are largely concentrated in California and New York, with the two states accounting for some 2.3 million accounts. Other regions impacted include Illinois, Colorado, and Florida.

[Figure: Snapchat accounts by state. Leaked accounts are largely confined to the coasts (source: AdaptiveMobile)]

Snapchat noted that no other personal data or user photos were collected in the attack, and CEO Evan Spiegel stopped short of issuing a mea culpa for the incident when speaking with The Today Show.

“I believe at the time we thought we had done enough,” he said, “but in a business like this that is moving so quickly, if you spend your time looking backwards, you’re just going to kill yourself.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2014/01/04/snapchat_issues_update_in_wake_of_46_million_user_data_breach/

Rogue Wave Software Acquires Source Code Analysis Vendor Klocwork

BOULDER, COLORADO–(Marketwired – Jan. 9, 2014) – Rogue Wave Software announced today that it has acquired Klocwork Inc., a global leader in software development tools for creating more secure, reliable code. Klocwork offers tools that analyze source code on-the-fly, simplify peer code reviews, and extend the life of complex software. The addition of the Klocwork tools to TotalView(R) and the OLEX(TM) open source scanning solution complements and expands the Rogue Wave solutions for developers, enabling them to write better – more secure – code, faster.

“Rogue Wave has consistently provided market-leading frameworks and tools used by developers to enable software everywhere,” said Brian Pierce, CEO of Rogue Wave. “With the addition of Klocwork, we greatly enhance our customers’ ability to create secure and reliable code, while expanding our offering from the enterprise to the embedded development market. Klocwork’s innovative team and technologies are an incredible addition to the Rogue Wave family.”

Klocwork Insight(TM) is a source code analysis tool that seamlessly integrates into a developer’s personal workflow on their desktop. It alerts developers to potential security vulnerabilities or reliability issues in real-time, as they are typing. Combined with Klocwork Cahoots(TM), a simple yet powerful code review platform, developers have solutions to assist with application security, source code analysis, code review, reporting and metrics, code refactoring and code architecture.

Klocwork’s customers will continue to receive the same outstanding service and support, and benefit from the tremendous depth of Rogue Wave’s products and resources. “Bringing these great teams and technologies together benefits our customers and advances the Rogue Wave developer toolset,” said Mike Laginski, CEO of Klocwork. “Rogue Wave’s long history of providing products to improve developers’ ability to write secure, reliable enterprise applications is the perfect fit for Klocwork.”

About Rogue Wave Software

Rogue Wave Software, Inc. is the largest independent provider of cross-platform software development tools and embedded components. Rogue Wave application development products reduce the complexity of prototyping, developing, debugging, and optimizing multi-processor and data-intensive software applications. Rogue Wave customers include industry leaders in the Global 2000 as well as leading government institutions and universities. For more information, visit www.roguewave.com.

Article source: http://www.darkreading.com/applications/rogue-wave-software-acquires-source-code/240165279

New Roads Ahead For Android And The Open Automotive Alliance

MOUNTAIN VIEW, Calif.; INGOLSTADT, Germany; DETROIT, Mich.; TOKYO, Japan; SEOUL, South Korea, January 6, 2014 – Extending the success of the Android ecosystem, which has seen over one billion devices activated to date, a coalition of auto and technology companies announced today a new industry alliance aimed at bringing the Android platform to a device that’s always been mobile: the car.

Audi, GM, Google, Honda, Hyundai and NVIDIA have joined together to form the Open Automotive Alliance (OAA), a global alliance of technology and auto industry leaders committed to bringing the Android platform to cars starting in 2014. The OAA is dedicated to a common platform that will drive innovation, and make technology in the car safer and more intuitive for everyone.

The OAA is aimed at accelerating auto innovation with an approach that offers openness, customization and scale, key tenets that have already made Android a familiar part of millions of people’s lives. This open development model and common platform will allow automakers to more easily bring cutting-edge technology to their drivers, and create new opportunities for developers to deliver powerful experiences for drivers and passengers in a safe and scalable way.

“The worlds of consumer and automotive technologies have never been more closely aligned, and this alliance will only pave the way for faster innovation,” said Ricky Hudi, Head of Electrics/Electronics Development at AUDI AG. “Working toward a common ecosystem benefits driver safety above all.”

“Partnering with Google and the OAA on an ecosystem that spans across vehicles and handheld mobile devices furthers our mission to bring vehicles into our owners’ digital lives and their digital lives into their vehicles,” said Mary Chan, President of General Motors’ Global Connected Consumer unit. “We see huge opportunities for the Android platform paired with OnStar 4G LTE connectivity in future Chevrolet, Buick, GMC and Cadillac vehicles.”

“Millions of people are already familiar with Android and use it every day,” said Sundar Pichai, SVP of Android, Chrome &amp; Apps at Google. “The expansion of the Android platform into automotive will allow our industry partners to more easily integrate mobile technology into cars and offer drivers a familiar, seamless experience so they can focus on the road.”

“We are very pleased to join this alliance with Google as a founding member because Honda is committed to providing the very best connected-car experience to our customers,” said Yoshiharu Yamamoto, president, CEO and director of Honda R&amp;D Co., Ltd. “The Honda team is looking forward to collaborating with Google and all OAA members to help advance the safety, value and ease of use of connected-car technologies.”

“Through the OAA, our customers using Android devices will soon be able to enjoy the continuous user experience in their Hyundai and Kia vehicles,” said Dr. Woong-Chul Yang, Vice Chairman of R&amp;D, Hyundai Motor Group. “By introducing the latest IT technologies safely and securely throughout our full range of vehicles, we continually strive to provide the highest levels of convenience and enhance the in-vehicle experience.”

“The car is the ultimate mobile computer. With onboard supercomputing chips, futuristic cars of our dreams will no longer be science fiction,” said Jen-Hsun Huang, president and chief executive officer, NVIDIA. “The OAA will enable the car industry to bring these amazing cars to market faster.”

OAA members share a vision for the connected car, and bringing these open standards of innovation to the market will help extend people’s mobile experience seamlessly to another platform they already know and love. Timing from each automaker will vary, but you can expect to see the first cars with Android integration by the end of this year. The OAA invites other automotive technology companies to join in this endeavor.

Article source: http://www.darkreading.com/government-vertical/new-roads-ahead-for-android-and-the-open/240165271