DeepSec 2024 Press Release: Choice of programming language does not determine IT security. NSA warns of memory errors while ignoring the majority of other security vulnerabilities

Sanna/ November 18, 2024/ Press/ 0 comments

There are over 900 clearly classified defects in software applications. Some of these are because of memory errors, where code accesses memory areas incorrectly and subsequent errors can lead to crashes or other effects. In 2022, the US National Security Agency (NSA) warned against using the programming languages C and C++ to avoid memory errors. The recommendation is to use other programming languages that prevent these errors. This recommendation ignores reality, as these problems can no longer occur in modern, correct C++ code because of the language specification. Furthermore, the NSA’s proposal ignores existing code that is well tested and ready for production, and much more dangerous defects that are still possible in all programming languages. Modern C++ Bjarne Stroustrup published the C++ programming language back in 1978, and it has continued to evolve

Read More

DeepSec 2024 press release: Sluggish NIS2 implementation as a security risk. DeepSec conference presents remedies against the shock paralysis in companies

Sanna/ November 8, 2024/ Conference, Press/ 0 comments

Directive (EU) 2022/2555, abbreviated as the NIS-2 Directive, should strengthen resistance to digital attacks by potential targets in the European Union. Certain companies of a certain size in defined sectors are required to implement the directive. The directive targets critical and important companies. This year’s DeepSec conference, together with sematicon AG, will present a practical approach to implementation. Checklists and metrics are not enough Implementing security measures always requires a certain amount of preparation. A good deal of already fail at this first hurdle, because the exact knowledge of your own network and all the devices in it can vary depending on the counting method. Is a control or measuring device just a device or a full computer with operating systems? The classification determines many of the consequences when securing such devices. Correctly categorizing

Read More

DeepSec 2019 Press Release: High-quality Randomness protects Companies

Sanna/ November 25, 2019/ Conference, Training

The ‘bugs’ of the’ 90s are still alive – hidden in IoT devices, integrated systems and industrial controls. Modern information security can’t manage without mathematics. It is less about statistics in the form of operational data or risk analysis. It’s about cryptography, which is constantly used in everyday life. It uses elements that build on high-quality random numbers to protect information from attacks. This year’s DeepSec Security Conference addresses key aspects of product implementation – data protection during transport and storage. Protecting the Digital Transformation Whether “intelligent” bulbs and illuminants, heating or building controls, tv-sets, industrial plants or entire production lines – the digital transformation covers all areas of our lives and leads to changes. On the one hand, digitization opens up opportunities such as the optimization of processes, the more efficient use of

Read More