Search Results

"Given Amazon's market position and notoriety, it will certainly cause companies and people to pay attention to this move," observed Dean Coclin, senior director of business development at DigiCert, a digital security company in Lehi, Utah "The Fire Stick is a huge success for...

There is a lot of malware associated with the Android community, and not just because the apps are free, Dean Coclin, senior director of business development at Symantec, told the E-Commerce Times For starters, he said, there is no authentication for developers, and it is very...

Step 3: More Vetting Properly done, vetting is about tying all the disparate loose ends together to eliminate or make extremely unlikely any mischief. But there's one more step that is often missing. Some OS vendors provide certificates that sign the code directly to developers. In theory, that's fine. As long as the developer uses and stores the certificate properly, security directors can sleep at night. But what if that certificate is given to another developer? Or stolen? Or misplaced? Then the entire security process has been compromised. The proper way to ensure security is to maintain the signing key in a portal so that developers must upload their signed code each and every time they create new software. In that way, the portal ensures the security of the signing key and the integrity of the code. Only the portal can sign the code with a key that will allow it to run on the phone. And since criminals don't like to be identified, it greatly reduces the risk of rogue code. Many large enterprises aren't waiting for mobile equipment providers to maintain this high level of security and are defining their own stringent requirements to protect their networks. In such cases, enterprises restrict users from downloading all but specified programs. But smaller enterprises don't have these same capabilities. That's why for the safety of millions of businesses, digital certificates plus comprehensive vetting should be undertaken to protect our networks. By following these few simple and inexpensive steps -- using certificates and proper vetting -- CSOs and CIOs should be able to sleep more securely, knowing their enterprises are also safer. Dean Coclin is vice president of business development for ChosenSecurity. ...