The government says it did not know about the OpenSSL vulnerability before it was publicly disclosed. But if it had known, it might not have told us, says White House Cybersecurity Coordinator Michael Daniel.
New guidelines on improving encryption tools in the wake of the Heartbleed bug offer a range of options for improving encryption, but bigger changes loom down the road.
Having a single credential that can be authenticated by a trusted authority and accepted by multiple users can reduce the attack surface by maintaining personally identifiable information at a single point.
Despite all of the fervor and money that's being directed at government cybersecurity, a more immediately effective remedy might be to tighten up on information handling processes and procedures and general data hygiene.
Open source software is not inherently more risky than proprietary, but you should be involved if you use it. “If it’s open source and it’s not secure, it’s partly your fault.”
With forecasts of more frequent, sophisticated and targeted attacks, government's best bet might be to limit the damage rather than trying to prevent the threats completely.
In the wake of 16 years of information security problems at the Veterans Affairs Department, Congress is considering legislation to focus management attention on the sprawling department's struggling security program.
Attacking U.S. networks has become a profit-driven big business that will put government confidence in its cyber forces to the test.
Twelve years after launching its Trustworthy Computing initiative, Microsoft has reduced the vulnerabilities in its operating systems and helped to change the way software is developed.
If the iris changes as people age, then ID systems based on iris recognition could cause security chaos.