Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/www.schuirink.net/www/xml/headlines.php on line 383

Warning: fclose() expects parameter 1 to be resource, boolean given in /var/www/www.schuirink.net/www/xml/headlines.php on line 384
cert.org :: Ooops! :: XML error: Not well-formed (invalid token) at line 1 :: using alternative parser
codepage:UTF-8
array(7) {
  ["encoding"]=>
  string(5) "UTF-8"
  ["title"]=>
  string(18) "CERT Announcements"
  ["link"]=>
  string(37) "http://www.cert.org/nav/whatsnew.html"
  ["description"]=>
  string(46) "Announcements: What's New on the CERT web site"
  ["language"]=>
  string(5) "en-us"
  ["items"]=>
  array(92) {
    [0]=>
    array(4) {
      ["title"]=>
      string(36) "Java Secure Coding Standard Released"
      ["link"]=>
      string(90) "https://www.securecoding.cert.org/confluence/display/java/CERT+Java+Secure+Coding+Standard"
      ["description"]=>
      string(263) "CERT has released the Java Secure Coding Standard in addition to existing secure coding standards for the C and C++ programming languages. CERT invites the Java community to participate in this effort by reviewing content in the Java space and providing comments."
      ["pubDate"]=>
      string(31) "Mon, 08 Sep 2008 15:15:00 -0400"
    }
    [1]=>
    array(4) {
      ["title"]=>
      string(27) "New Technical Note Released"
      ["link"]=>
      string(62) "http://www.cert.orghttp://www.cert.org/archive/pdf/08tn017.pdf"
      ["description"]=>
      string(213) "Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis presents a live response scenario and compares various approaches and tools used to capture and analyze evidence from computer memory."
      ["pubDate"]=>
      string(31) "Tue, 02 Sep 2008 15:46:50 -0400"
    }
    [2]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(98) "Well-defined metrics are essential to determine which security practices are worth the investment."
      ["pubDate"]=>
      string(31) "Tue, 02 Sep 2008 10:16:44 -0400"
    }
    [3]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(139) "Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle."
      ["pubDate"]=>
      string(31) "Wed, 20 Aug 2008 09:55:06 -0400"
    }
    [4]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(110) "Protecting critical infrastructures and the information they use are essential for preserving our way of life."
      ["pubDate"]=>
      string(31) "Tue, 05 Aug 2008 13:22:13 -0400"
    }
    [5]=>
    array(4) {
      ["title"]=>
      string(23) "CERT Statistics Updated"
      ["link"]=>
      string(26) "http://www.cert.org/stats/"
      ["description"]=>
      string(83) "The CERT statistics have been updated with numbers from the second quarter of 2008."
      ["pubDate"]=>
      string(31) "Tue, 29 Jul 2008 15:11:11 -0400"
    }
    [6]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(113) "Determining which security vulnerabilities to address should be based on the importance of the information asset."
      ["pubDate"]=>
      string(31) "Tue, 22 Jul 2008 11:39:55 -0400"
    }
    [7]=>
    array(3) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["pubDate"]=>
      string(31) "Tue, 22 Jul 2008 11:35:23 -0400"
    }
    [8]=>
    array(4) {
      ["title"]=>
      string(27) "CERT Autoresponder Disabled"
      ["link"]=>
      string(19) "http://www.cert.org"
      ["description"]=>
      string(258) "Because of ongoing problems with the autoresponder messages being interpreted as spam, we have decided to discontinue providing an automatic acknowledgement of email sent to cert@cert.org. This change does not affect how we handle email sent to that address."
      ["pubDate"]=>
      string(31) "Fri, 18 Jul 2008 11:22:39 -0400"
    }
    [9]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(139) "During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack."
      ["pubDate"]=>
      string(31) "Tue, 08 Jul 2008 10:54:21 -0400"
    }
    [10]=>
    array(4) {
      ["title"]=>
      string(51) "Winners of Best Practices Security Awards Announced"
      ["link"]=>
      string(53) "http://www.cert.org/csirts/national/contest_2008.html"
      ["description"]=>
      string(176) "The winning papers from the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks have been posted."
      ["pubDate"]=>
      string(31) "Fri, 27 Jun 2008 11:58:07 -0400"
    }
    [11]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(97) "Targeted, innovative communications and a robust life cycle are keys for security policy success."
      ["pubDate"]=>
      string(31) "Tue, 24 Jun 2008 11:00:03 -0400"
    }
    [12]=>
    array(4) {
      ["title"]=>
      string(100) "Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools Published"
      ["link"]=>
      string(43) "http://www.cert.org/archive/pdf/08tr014.pdf"
      ["description"]=>
      string(250) "This report describes a study conducted by the CERT Secure Coding Initiative and JPCERT to evaluate the efficacy of the CERT Secure Coding Standards and source code analysis tools in improving the quality and security of commercial software projects."
      ["pubDate"]=>
      string(31) "Tue, 17 Jun 2008 11:35:48 -0400"
    }
    [13]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(113) "Managing software that is developed by an outside organization can be more challenging than building it yourself."
      ["pubDate"]=>
      string(31) "Tue, 10 Jun 2008 11:19:16 -0400"
    }
    [14]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(127) "Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers."
      ["pubDate"]=>
      string(31) "Tue, 27 May 2008 11:52:08 -0400"
    }
    [15]=>
    array(4) {
      ["title"]=>
      string(23) "New CERT PGP Public Key"
      ["link"]=>
      string(49) "http://www.cert.org/contact_cert/encryptmail.html"
      ["description"]=>
      string(91) "CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information."
      ["pubDate"]=>
      string(31) "Fri, 23 May 2008 15:44:07 -0400"
    }
    [16]=>
    array(4) {
      ["title"]=>
      string(47) "Making the Business Case for Software Assurance"
      ["link"]=>
      string(66) "http://www.cert.orghttp://www.sei.cmu.edu/community/assurance.html"
      ["description"]=>
      string(251) "This one-day workshop will explore methods for capturing development costs and benefits associated with software assurance and making the case to executive management. A call for papers has been posted; registration information will soon be available."
      ["pubDate"]=>
      string(31) "Thu, 15 May 2008 13:35:04 -0400"
    }
    [17]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(123) "High performing organizations effectively integrate information security controls into mainstream IT operational processes."
      ["pubDate"]=>
      string(31) "Tue, 13 May 2008 11:07:30 -0400"
    }
    [18]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(105) "Helping your staff learn how to identify social engineering attempts is the first step in thwarting them."
      ["pubDate"]=>
      string(31) "Tue, 29 Apr 2008 14:37:46 -0400"
    }
    [19]=>
    array(4) {
      ["title"]=>
      string(37) "Vulnerability Analysis Blog Published"
      ["link"]=>
      string(31) "http://www.cert.org/blogs/vuls/"
      ["description"]=>
      string(116) "In a new blog on the CERT website, CERT staff members will address various issues related to vulnerability analysis."
      ["pubDate"]=>
      string(31) "Fri, 18 Apr 2008 12:41:55 -0400"
    }
    [20]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(119) "Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough."
      ["pubDate"]=>
      string(31) "Tue, 15 Apr 2008 12:49:22 -0400"
    }
    [21]=>
    array(4) {
      ["title"]=>
      string(23) "CERT Statistics Updated"
      ["link"]=>
      string(26) "http://www.cert.org/stats/"
      ["description"]=>
      string(82) "The CERT statistics have been updated with numbers from the first quarter of 2008."
      ["pubDate"]=>
      string(31) "Mon, 14 Apr 2008 12:26:34 -0400"
    }
    [22]=>
    array(4) {
      ["title"]=>
      string(72) "CERT Authors Publish Book About Building Security into Software Products"
      ["link"]=>
      string(100) "http://www.cert.orghttp://www.sei.cmu.edu/publications/books/cert/software-security-engineering.html"
      ["description"]=>
      string(238) "Software Security 
Engineering: A Guide for Project Managers will be published by Addison-Wesley in early May 2008. The book shows project managers how to build 
security into their software products throughout the development life cycle."
      ["pubDate"]=>
      string(31) "Tue, 01 Apr 2008 15:12:28 -0400"
    }
    [23]=>
    array(4) {
      ["title"]=>
      string(50) "Reminder: Entries for Security Awards Due April 30"
      ["link"]=>
      string(68) "http://www.cert.orghttp://www.first.org/conference/2008/contest.html"
      ["description"]=>
      string(225) "Submissions for the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks are due by April 30. The contest is being hosted by FIRST and the CERT/CC."
      ["pubDate"]=>
      string(31) "Tue, 01 Apr 2008 14:08:07 -0400"
    }
    [24]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(146) "Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy."
      ["pubDate"]=>
      string(31) "Tue, 01 Apr 2008 12:43:36 -0400"
    }
    [25]=>
    array(4) {
      ["title"]=>
      string(68) "Incident Management Mission Diagnostic Method, Version 1.0 Published"
      ["link"]=>
      string(62) "http://www.cert.orghttp://www.cert.org/archive/pdf/08tr007.pdf"
      ["description"]=>
      string(137) "This report presents a risk-based approach for determining the potential for success of an organization's incident management capability."
      ["pubDate"]=>
      string(31) "Mon, 31 Mar 2008 11:29:16 -0400"
    }
    [26]=>
    array(4) {
      ["title"]=>
      string(30) "CERT Sponsors FIRST Conference"
      ["link"]=>
      string(56) "http://www.cert.orghttp://www.first.org/conference/2008/"
      ["description"]=>
      string(176) "CERT is a sponsor for the 2008 FIRST Conference, which will be held in Canada in June. This year marks the 20th annual FIRST conference as well as the 20th anniversary of CERT."
      ["pubDate"]=>
      string(31) "Fri, 28 Mar 2008 11:59:12 -0400"
    }
    [27]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(137) "A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes."
      ["pubDate"]=>
      string(31) "Tue, 18 Mar 2008 09:58:37 -0400"
    }
    [28]=>
    array(4) {
      ["title"]=>
      string(55) "CERT Resiliency Engineering Framework, v0.95R Available"
      ["link"]=>
      string(57) "http://www.cert.org/resiliency_engineering/framework.html"
      ["description"]=>
      string(138) "A draft version of the CERT Resiliency Engineering Framework is now available.  We welcome and encourage your feedback on these materials."
      ["pubDate"]=>
      string(31) "Mon, 17 Mar 2008 10:58:45 -0400"
    }
    [29]=>
    array(4) {
      ["title"]=>
      string(42) "2007 CERT Research Annual Report Published"
      ["link"]=>
      string(52) "http://www.cert.org/research/2007research-report.pdf"
      ["description"]=>
      string(222) "CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration."
      ["pubDate"]=>
      string(31) "Thu, 06 Mar 2008 10:36:25 -0500"
    }
    [30]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(134) "Significant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle."
      ["pubDate"]=>
      string(31) "Tue, 04 Mar 2008 10:27:36 -0500"
    }
    [31]=>
    array(4) {
      ["title"]=>
      string(108) "FIRST and Carnegie Mellon Software Enginnering Institute CERT Coordination Center Unveil New Security Awards"
      ["link"]=>
      string(68) "http://www.cert.orghttp://www.first.org/conference/2008/contest.html"
      ["description"]=>
      string(306) "The first-ever international competition honoring best practices and advances in safeguarding the security of computer systems and 
networks is announced today by the Forum of Incident Response and Security Teams (FIRST) and Carnegie Software Engineering Institute (SEI) CERT Coordination Center (CERT/CC)."
      ["pubDate"]=>
      string(31) "Tue, 26 Feb 2008 09:12:17 -0500"
    }
    [32]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(108) "Business leaders need to understand the risks to their organizations caused by the proliferation of botnets."
      ["pubDate"]=>
      string(31) "Tue, 19 Feb 2008 11:20:14 -0500"
    }
    [33]=>
    array(4) {
      ["title"]=>
      string(69) "CERT to Participate in Second Annual Counter eCrime Operations Summit"
      ["link"]=>
      string(80) "http://www.cert.orghttp://www.antiphishing.org/events/2008_operationsSummit.html"
      ["description"]=>
      string(93) "CERT will be participating in the Counter eCrime Operations Summit II May 26-27 Tokyo, Japan."
      ["pubDate"]=>
      string(31) "Thu, 14 Feb 2008 11:30:38 -0500"
    }
    [34]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(159) "Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data."
      ["pubDate"]=>
      string(31) "Tue, 05 Feb 2008 10:47:48 -0500"
    }
    [35]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(159) "Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data."
      ["pubDate"]=>
      string(31) "Tue, 05 Feb 2008 10:38:57 -0500"
    }
    [36]=>
    array(4) {
      ["title"]=>
      string(39) "SQUARE Instructional Materials Released"
      ["link"]=>
      string(54) "http://www.cert.org/sse/square/square-description.html"
      ["description"]=>
      string(140) "Workshop, tutorial, and academic educational materials on SQUARE (Security Quality Requirements Engineering) are now available for download."
      ["pubDate"]=>
      string(31) "Tue, 22 Jan 2008 10:54:03 -0500"
    }
    [37]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(120) "Peer-to-peer networks are being used today to unintentionally disclose government, commercial, and personal information."
      ["pubDate"]=>
      string(31) "Tue, 22 Jan 2008 10:20:34 -0500"
    }
    [38]=>
    array(4) {
      ["title"]=>
      string(23) "CERT Statistics Updated"
      ["link"]=>
      string(26) "http://www.cert.org/stats/"
      ["description"]=>
      string(91) "The numbers from the fourth quarter have been incorporated, completing the 2007 statistics."
      ["pubDate"]=>
      string(31) "Tue, 15 Jan 2008 16:29:00 -0500"
    }
    [39]=>
    array(4) {
      ["title"]=>
      string(31) "Insider Threat Studies Released"
      ["link"]=>
      string(35) "http://www.cert.org/insider_threat/"
      ["description"]=>
      string(324) "Insider Threat Study: Illicit Cyber Activity in the Government Sector and Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector have been released. These reports present the findings of research efforts to examine reported insider incidents within their respective sectors."
      ["pubDate"]=>
      string(31) "Wed, 09 Jan 2008 08:54:15 -0500"
    }
    [40]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(110) "Directors and senior executives are personally accountable for protecting information entrusted to their care."
      ["pubDate"]=>
      string(31) "Tue, 08 Jan 2008 10:24:08 -0500"
    }
    [41]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(120) "Internal Audit can serve a key role in putting an effective information security program in place, and keeping it there."
      ["pubDate"]=>
      string(31) "Mon, 10 Dec 2007 22:22:17 -0500"
    }
    [42]=>
    array(4) {
      ["title"]=>
      string(30) "FloCon 2008 Schedule Available"
      ["link"]=>
      string(41) "http://www.cert.org/flocon/2008/schedule/"
      ["description"]=>
      string(62) "The schedule for the FloCon 2008 conference has been released."
      ["pubDate"]=>
      string(31) "Thu, 29 Nov 2007 12:43:57 -0500"
    }
    [43]=>
    array(4) {
      ["title"]=>
      string(47) "FBI Announces Results of Operation Bot Roast II"
      ["link"]=>
      string(67) "http://www.cert.orghttp://www.fbi.gov/page2/nov07/botnet112907.html"
      ["description"]=>
      string(256) "In the second phase of the FBI investigation of botnets, 8 people were indicted, pled guilty, or were sentenced. So far, more than $20 million in losses and more than 1 million victim computers have been identified. Learn how to prevent and report attacks."
      ["pubDate"]=>
      string(31) "Thu, 29 Nov 2007 11:14:16 -0500"
    }
    [44]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(147) "Information security degree programs are proliferating, but what do they really offer business leaders who are seeking knowledgeable employees?"
      ["pubDate"]=>
      string(31) "Tue, 27 Nov 2007 12:22:15 -0500"
    }
    [45]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(136) "Information security risk assessment, performed in concert with operational risk management, can contribute to compliance as an outcome."
      ["pubDate"]=>
      string(31) "Tue, 13 Nov 2007 12:11:08 -0500"
    }
    [46]=>
    array(4) {
      ["title"]=>
      string(83) "CERT NetSA Group Participates in Anti-Phishing Working Group eCrime Research Summit"
      ["link"]=>
      string(26) "http://www.cert.org/netsa/"
      ["description"]=>
      string(292) "Members of the CERT Network Situational Awarness Group presented Fishing for Phishes: Applying Capture-Recaputre Methods to Estimate Phishing Populations at the APWG eCrime Researchers Summit. They also 
participated in the Report out and Panel: Uncleanliness: Quantifying network reputation."
      ["pubDate"]=>
      string(31) "Thu, 01 Nov 2007 11:54:42 -0400"
    }
    [47]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(165) "Business Leaders can play a key role in computer forensics by establishing strong policies and proactively testing to ensure those policies work in tough situations."
      ["pubDate"]=>
      string(31) "Tue, 30 Oct 2007 11:55:11 -0400"
    }
    [48]=>
    array(4) {
      ["title"]=>
      string(23) "CERT Statistics Updated"
      ["link"]=>
      string(26) "http://www.cert.org/stats/"
      ["description"]=>
      string(82) "The CERT statistics have been updated with numbers from the third quarter of 2007."
      ["pubDate"]=>
      string(31) "Tue, 16 Oct 2007 14:45:14 -0400"
    }
    [49]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(141) "A business resilience argument can bridge the communication gap that often exists between information security officers and business leaders."
      ["pubDate"]=>
      string(31) "Tue, 16 Oct 2007 11:19:12 -0400"
    }
    [50]=>
    array(4) {
      ["title"]=>
      string(43) "Vodcast - Secure Coding Initiative: Project"
      ["link"]=>
      string(54) "http://www.cert.org/vodcast/secure-coding/project.html"
      ["description"]=>
      string(51) "Robert Seacord discusses the Secure Coding project."
      ["pubDate"]=>
      string(31) "Tue, 09 Oct 2007 11:17:59 -0400"
    }
    [51]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(180) "By taking a holistic view of business resilience - similar in many ways to classical engineering - business leaders can help their operations stand up to known and unknown threats."
      ["pubDate"]=>
      string(31) "Tue, 02 Oct 2007 11:33:23 -0400"
    }
    [52]=>
    array(4) {
      ["title"]=>
      string(34) "FloCon 2008 Call for Presentations"
      ["link"]=>
      string(42) "http://www.cert.org/flocon/2008/index.html"
      ["description"]=>
      string(136) "The submission deadline for FloCon 2008 is fast approaching! Send a description of your presentation in before midnight October 5, 2007."
      ["pubDate"]=>
      string(31) "Fri, 21 Sep 2007 10:01:39 -0400"
    }
    [53]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(126) "It's easy to think of security as a collection of technologies and tools - but people are the real key to any security effort."
      ["pubDate"]=>
      string(31) "Tue, 18 Sep 2007 11:23:42 -0400"
    }
    [54]=>
    array(4) {
      ["title"]=>
      string(46) "Ranged Integers for the C Programming Language"
      ["link"]=>
      string(43) "http://www.cert.org/archive/pdf/07tn027.pdf"
      ["description"]=>
      string(163) "This report describes an extension to the C programming language to introduce the notion of ranged integers, that is, integer types with a defined range of values."
      ["pubDate"]=>
      string(31) "Thu, 13 Sep 2007 09:48:48 -0400"
    }
    [55]=>
    array(4) {
      ["title"]=>
      string(87) "Resiliency Engineering Framework and Service Oriented Architecture Information Sessions"
      ["link"]=>
      string(60) "http://www.cert.org/resiliency_engineering/index.html#events"
      ["description"]=>
      string(308) "Special information sessions for technical managers, software engineers, and decision makers on the CERT Resiliency Engineering Framework (REF) and Service Oriented Architecture (SOA) are scheduled for October 16 in Frankfurt, Germany, and October 18 in London. More information is available on the SEI site."
      ["pubDate"]=>
      string(31) "Wed, 12 Sep 2007 15:27:04 -0400"
    }
    [56]=>
    array(4) {
      ["title"]=>
      string(25) "2007 E-Crime Watch Survey"
      ["link"]=>
      string(51) "http://www.cert.org/archive/pdf/ecrimesummary07.pdf"
      ["description"]=>
      string(114) "The 4th annual E-Crime Watch Survey has been released by CERT, the US Secret Service, CSO Magazine, and Microsoft."
      ["pubDate"]=>
      string(31) "Tue, 11 Sep 2007 08:45:08 -0400"
    }
    [57]=>
    array(4) {
      ["title"]=>
      string(37) "Vodcast: Secure Coding Standards Work"
      ["link"]=>
      string(56) "http://www.cert.org/vodcast/secure-coding/standards.html"
      ["description"]=>
      string(130) "Robert Seacord talks about the development of secure coding rules and recommendations for C, C++. and other programming languages."
      ["pubDate"]=>
      string(31) "Fri, 07 Sep 2007 13:05:04 -0400"
    }
    [58]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(150) "Given that you can't secure everything, managing security risk to a "commercially reasonable degree" can lead to the best possible solution."
      ["pubDate"]=>
      string(31) "Tue, 04 Sep 2007 15:39:52 -0400"
    }
    [59]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(166) "Business leaders can use national CSIRTs (Computer Security Incident Response Teams) as a key resource when dealing with incidents with a national or worldwide scope."
      ["pubDate"]=>
      string(31) "Tue, 21 Aug 2007 11:43:44 -0400"
    }
    [60]=>
    array(4) {
      ["title"]=>
      string(66) "Vodcast: Training Provided through CERT's Secure Coding Initiative"
      ["link"]=>
      string(41) "http://www.cert.org/vodcast/training.html"
      ["description"]=>
      string(84) "Robert Seacord discusses CERT's offerings in the realm of training in secure coding."
      ["pubDate"]=>
      string(31) "Tue, 07 Aug 2007 11:43:24 -0400"
    }
    [61]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(121) "Information security costs can be significantly reduced by enforcing standard configurations for widely deployed systems."
      ["pubDate"]=>
      string(31) "Tue, 07 Aug 2007 11:19:59 -0400"
    }
    [62]=>
    array(4) {
      ["title"]=>
      string(55) "Beta Implementation of Managed String Library  Released"
      ["link"]=>
      string(52) "http://www.cert.org/secure-coding/managedstring.html"
      ["description"]=>
      string(151) "The beta version of the managed string library, developed to improve the quality and security of newly developed C-language programs, is now available."
      ["pubDate"]=>
      string(31) "Thu, 02 Aug 2007 16:03:53 -0400"
    }
    [63]=>
    array(4) {
      ["title"]=>
      string(33) "Microsoft Recognizes CERT Analyst"
      ["link"]=>
      string(66) "http://www.microsoft.com/technet/security/acknowledge/default.mspx"
      ["description"]=>
      string(210) "Microsoft has acknowledged Will Dormann of the CERT/CC for identifying and helping to remediate security vulnerabilities in their online services. Will is one of eleven individuals recognized for their efforts."
      ["pubDate"]=>
      string(31) "Thu, 02 Aug 2007 11:55:15 -0400"
    }
    [64]=>
    array(4) {
      ["title"]=>
      string(23) "CERT Statistics Updated"
      ["link"]=>
      string(26) "http://www.cert.org/stats/"
      ["description"]=>
      string(106) "The layout of the statistics has been updated, and numbers have been added for the second quarter of 2007."
      ["pubDate"]=>
      string(31) "Thu, 26 Jul 2007 10:51:50 -0400"
    }
    [65]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(132) "Security is not an option - but it may be time to start viewing it as a business enabler, rather than just a cost of doing business."
      ["pubDate"]=>
      string(31) "Tue, 24 Jul 2007 15:28:42 -0400"
    }
    [66]=>
    array(4) {
      ["title"]=>
      string(57) "CERT Secure Coding Tutorial at SANS Network Security 2007"
      ["link"]=>
      string(19) "http://www.cert.org"
      ["description"]=>
      string(143) "Robert Seacord will conduct a tutorial, "Secure Coding in C and C++" on September 29 - 30, 2007 at SANS Network Security 2007 in Las Vegas, NV."
      ["pubDate"]=>
      string(31) "Tue, 24 Jul 2007 14:06:51 -0400"
    }
    [67]=>
    array(4) {
      ["title"]=>
      string(57) "The Use of Malware Analysis in Support of Law Enforcement"
      ["link"]=>
      string(48) "http://www.cert.org/archive/pdf/malware-7-07.pdf"
      ["description"]=>
      string(164) "This paper explains how examining artifacts of a computer intrusion, such as malicious code, can identify clues to further investigation of computer-related crimes."
      ["pubDate"]=>
      string(31) "Wed, 11 Jul 2007 14:10:56 -0400"
    }
    [68]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(27) "http://www.cert.org/podcast"
      ["description"]=>
      string(115) "Business leaders can use international standards to create a business- and risk-based information security program."
      ["pubDate"]=>
      string(31) "Tue, 10 Jul 2007 11:41:00 -0400"
    }
    [69]=>
    array(4) {
      ["title"]=>
      string(44) "CERT Secure Coding Tutorial at SANSFIRE 2007"
      ["link"]=>
      string(94) "http://www.sans.org/sansfire07/description.php?tid=902&portal=6f34a766fa9e3ceeb565e92155aa06f5"
      ["description"]=>
      string(184) "Robert Seacord will conduct a one-day tutorial, "Secure Coding in C and C++," on July 25, 2007 at SANSFIRE 2007 in Washington, DC. More details are available on the SANSFIRE 2007 site."
      ["pubDate"]=>
      string(31) "Mon, 02 Jul 2007 14:50:59 -0400"
    }
    [70]=>
    array(4) {
      ["title"]=>
      string(11) "New PGP Key"
      ["link"]=>
      string(40) "http://www.cert.org/pgp/newpgp2007b.html"
      ["description"]=>
      string(71) "The CERT/CC has issued a new PGP key.  It is valid until June 30, 2008."
      ["pubDate"]=>
      string(31) "Thu, 28 Jun 2007 16:19:32 -0400"
    }
    [71]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(148) "Enterprise security governance is not just a vague idea - it can be achieved by implementing a defined, repeatable process with specific activities."
      ["pubDate"]=>
      string(31) "Tue, 26 Jun 2007 11:44:59 -0400"
    }
    [72]=>
    array(4) {
      ["title"]=>
      string(25) "FBI Charges "Bot-Herders""
      ["link"]=>
      string(67) "http://www.cert.orghttp://www.fbi.gov/page2/june07/botnet061307.htm"
      ["description"]=>
      string(158) "The FBI has identified about 1 million computers across the country that have been compromised by botnets. Learn how to identify, report, and prevent attacks."
      ["pubDate"]=>
      string(31) "Wed, 13 Jun 2007 12:44:22 -0400"
    }
    [73]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(110) "Deploying common solutions for physical and IT security is a cost-effective way to reduce risk and save money."
      ["pubDate"]=>
      string(31) "Tue, 12 Jun 2007 11:13:40 -0400"
    }
    [74]=>
    array(4) {
      ["title"]=>
      string(50) "Incident Management Capability Metrics Version 0.1"
      ["link"]=>
      string(43) "http://www.cert.org/archive/pdf/07tr008.pdf"
      ["description"]=>
      string(92) "The metrics presented in this document provide a benchmark of incident management practices."
      ["pubDate"]=>
      string(31) "Tue, 05 Jun 2007 17:53:35 -0400"
    }
    [75]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(27) "http://www.cert.org/podcast"
      ["description"]=>
      string(141) "Organizations occasionally may need to redefine their IT infrastructures - but to succeed, they must be prepared to handle tricky situations."
      ["pubDate"]=>
      string(31) "Tue, 29 May 2007 09:57:00 -0400"
    }
    [76]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(128) "As the legal compliance landscape grows increasingly complex, de-identification can help organizations share data more securely."
      ["pubDate"]=>
      string(31) "Tue, 15 May 2007 11:49:29 -0400"
    }
    [77]=>
    array(4) {
      ["title"]=>
      string(22) "Resiliency Engineering"
      ["link"]=>
      string(43) "http://www.cert.org/resiliency_engineering/"
      ["description"]=>
      string(87) "New information about CERT's security and resiliency engineering work is now available."
      ["pubDate"]=>
      string(31) "Thu, 03 May 2007 17:14:10 -0400"
    }
    [78]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(143) "Business leaders need to ensure that their organizations can keep critical processes and services up and running in the face of the unexpected."
      ["pubDate"]=>
      string(31) "Tue, 01 May 2007 09:45:17 -0400"
    }
    [79]=>
    array(4) {
      ["title"]=>
      string(23) "CERT Statistics Updated"
      ["link"]=>
      string(41) "http://www.cert.org/stats/cert_stats.html"
      ["description"]=>
      string(86) "The CERT statistics have been updated with the numbers from the first quarter of 2007."
      ["pubDate"]=>
      string(31) "Mon, 30 Apr 2007 13:58:18 -0400"
    }
    [80]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(117) "Computer forensics is a critical part of incident response, and business leaders need to understand how to tackle it."
      ["pubDate"]=>
      string(31) "Tue, 17 Apr 2007 10:41:06 -0400"
    }
    [81]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(107) "Incident management is a cross-enterprise effort requiring good communication and informed risk management."
      ["pubDate"]=>
      string(31) "Tue, 03 Apr 2007 12:55:52 -0400"
    }
    [82]=>
    array(4) {
      ["title"]=>
      string(24) "Podcast series ranks #10"
      ["link"]=>
      string(19) "http://www.cert.org"
      ["description"]=>
      string(106) "The Security for Business Leaders podcast series came in at #10 on Podcast Bunker's Top 20 list last week."
      ["pubDate"]=>
      string(31) "Thu, 29 Mar 2007 10:29:58 -0400"
    }
    [83]=>
    array(4) {
      ["title"]=>
      string(11) "New PGP Key"
      ["link"]=>
      string(39) "http://www.cert.org/pgp/newpgp2007.html"
      ["description"]=>
      string(71) "The CERT/CC has issued a new PGP key. It is valid until March 21, 2008."
      ["pubDate"]=>
      string(31) "Fri, 23 Mar 2007 16:03:26 -0400"
    }
    [84]=>
    array(4) {
      ["title"]=>
      string(66) "Article 2: Defining an Effective Enterprise Security Program (ESP)"
      ["link"]=>
      string(49) "http://www.cert.org/archive/pdf/GES_IG_2_0703.pdf"
      ["description"]=>
      string(190) "This second article in the Governing for Enterprise Security Impelementation Guide series defines the components and sequence of activities in an effective Enterprise Security Program (ESP)."
      ["pubDate"]=>
      string(31) "Fri, 23 Mar 2007 10:15:16 -0400"
    }
    [85]=>
    array(4) {
      ["title"]=>
      string(52) "Article 3: Enterprise Security Governance Activities"
      ["link"]=>
      string(49) "http://www.cert.org/archive/pdf/GES_IG_3_0703.pdf"
      ["description"]=>
      string(174) "This third article in the Governing for Enterprise Security Implementation Guide series elaborates on the governance-based activities necessary to achieve and sustain an ESP."
      ["pubDate"]=>
      string(31) "Fri, 23 Mar 2007 10:13:20 -0400"
    }
    [86]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(124) "Business leaders, including legal counsel, need to understand how to tackle complex security issues for a global enterprise."
      ["pubDate"]=>
      string(31) "Tue, 20 Mar 2007 13:24:30 -0400"
    }
    [87]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(150) "System administrators increasingly need business savvy in addition to technical skills, and IT training courses must try to keep pace with this trend."
      ["pubDate"]=>
      string(31) "Tue, 06 Mar 2007 10:25:28 -0500"
    }
    [88]=>
    array(4) {
      ["title"]=>
      string(33) "Governing for Enterprise Security"
      ["link"]=>
      string(31) "http://www.cert.org/governance/"
      ["description"]=>
      string(177) "This new section of the web site highlights research and development in the enterprise security realm. It includes the new Governing for Enterprise Security Implementation Guide"
      ["pubDate"]=>
      string(31) "Tue, 20 Feb 2007 12:00:00 -0500"
    }
    [89]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(157) "This conversation discusses how business leaders can prepare to communicate with the media and their staff during a high-profile security incident or crisis."
      ["pubDate"]=>
      string(31) "Tue, 20 Feb 2007 12:00:00 -0500"
    }
    [90]=>
    array(4) {
      ["title"]=>
      string(20) "New Podcast Released"
      ["link"]=>
      string(28) "http://www.cert.org/podcast/"
      ["description"]=>
      string(119) "This conversation discusses innovative analysis tools needed to assess complex organizational and technological issues."
      ["pubDate"]=>
      string(30) "Tue, 6 Feb 2007 12:00:00 -0500"
    }
    [91]=>
    array(4) {
      ["title"]=>
      string(61) "Collaboration Meeting for CSIRTs with National Responsibility"
      ["link"]=>
      string(55) "http://www.cert.org/csirts/national/conference2007.html"
      ["description"]=>
      string(187) "The CERT Coordination Center will be hosting a meeting of CSIRTs with national responsibility in Madrid, Spain from June 23 to June 25, 2007 after the FIRST annual conference in 
Seville."
      ["pubDate"]=>
      string(31) "Fri, 26 Jan 2007 12:00:00 -0500"
    }
  }
  ["items_count"]=>
  int(92)
}

9292string(5) "UTF-8"
UTF-8string(18) "CERT Announcements"
CERT Announcementsstring(37) "http://www.cert.org/nav/whatsnew.html"
http://www.cert.org/nav/whatsnew.htmlstring(46) "Announcements: What's New on the CERT web site"
Announcements: What's New on the CERT web sitestring(5) "en-us"
en-usarray(92) { [0]=> array(4) { ["title"]=> string(36) "Java Secure Coding Standard Released" ["link"]=> string(90) "https://www.securecoding.cert.org/confluence/display/java/CERT+Java+Secure+Coding+Standard" ["description"]=> string(263) "CERT has released the Java Secure Coding Standard in addition to existing secure coding standards for the C and C++ programming languages. CERT invites the Java community to participate in this effort by reviewing content in the Java space and providing comments." ["pubDate"]=> string(31) "Mon, 08 Sep 2008 15:15:00 -0400" } [1]=> array(4) { ["title"]=> string(27) "New Technical Note Released" ["link"]=> string(62) "http://www.cert.orghttp://www.cert.org/archive/pdf/08tn017.pdf" ["description"]=> string(213) "Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis presents a live response scenario and compares various approaches and tools used to capture and analyze evidence from computer memory." ["pubDate"]=> string(31) "Tue, 02 Sep 2008 15:46:50 -0400" } [2]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(98) "Well-defined metrics are essential to determine which security practices are worth the investment." ["pubDate"]=> string(31) "Tue, 02 Sep 2008 10:16:44 -0400" } [3]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(139) "Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle." ["pubDate"]=> string(31) "Wed, 20 Aug 2008 09:55:06 -0400" } [4]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(110) "Protecting critical infrastructures and the information they use are essential for preserving our way of life." ["pubDate"]=> string(31) "Tue, 05 Aug 2008 13:22:13 -0400" } [5]=> array(4) { ["title"]=> string(23) "CERT Statistics Updated" ["link"]=> string(26) "http://www.cert.org/stats/" ["description"]=> string(83) "The CERT statistics have been updated with numbers from the second quarter of 2008." ["pubDate"]=> string(31) "Tue, 29 Jul 2008 15:11:11 -0400" } [6]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(113) "Determining which security vulnerabilities to address should be based on the importance of the information asset." ["pubDate"]=> string(31) "Tue, 22 Jul 2008 11:39:55 -0400" } [7]=> array(3) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["pubDate"]=> string(31) "Tue, 22 Jul 2008 11:35:23 -0400" } [8]=> array(4) { ["title"]=> string(27) "CERT Autoresponder Disabled" ["link"]=> string(19) "http://www.cert.org" ["description"]=> string(258) "Because of ongoing problems with the autoresponder messages being interpreted as spam, we have decided to discontinue providing an automatic acknowledgement of email sent to cert@cert.org. This change does not affect how we handle email sent to that address." ["pubDate"]=> string(31) "Fri, 18 Jul 2008 11:22:39 -0400" } [9]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(139) "During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack." ["pubDate"]=> string(31) "Tue, 08 Jul 2008 10:54:21 -0400" } [10]=> array(4) { ["title"]=> string(51) "Winners of Best Practices Security Awards Announced" ["link"]=> string(53) "http://www.cert.org/csirts/national/contest_2008.html" ["description"]=> string(176) "The winning papers from the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks have been posted." ["pubDate"]=> string(31) "Fri, 27 Jun 2008 11:58:07 -0400" } [11]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(97) "Targeted, innovative communications and a robust life cycle are keys for security policy success." ["pubDate"]=> string(31) "Tue, 24 Jun 2008 11:00:03 -0400" } [12]=> array(4) { ["title"]=> string(100) "Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools Published" ["link"]=> string(43) "http://www.cert.org/archive/pdf/08tr014.pdf" ["description"]=> string(250) "This report describes a study conducted by the CERT Secure Coding Initiative and JPCERT to evaluate the efficacy of the CERT Secure Coding Standards and source code analysis tools in improving the quality and security of commercial software projects." ["pubDate"]=> string(31) "Tue, 17 Jun 2008 11:35:48 -0400" } [13]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(113) "Managing software that is developed by an outside organization can be more challenging than building it yourself." ["pubDate"]=> string(31) "Tue, 10 Jun 2008 11:19:16 -0400" } [14]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(127) "Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers." ["pubDate"]=> string(31) "Tue, 27 May 2008 11:52:08 -0400" } [15]=> array(4) { ["title"]=> string(23) "New CERT PGP Public Key" ["link"]=> string(49) "http://www.cert.org/contact_cert/encryptmail.html" ["description"]=> string(91) "CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information." ["pubDate"]=> string(31) "Fri, 23 May 2008 15:44:07 -0400" } [16]=> array(4) { ["title"]=> string(47) "Making the Business Case for Software Assurance" ["link"]=> string(66) "http://www.cert.orghttp://www.sei.cmu.edu/community/assurance.html" ["description"]=> string(251) "This one-day workshop will explore methods for capturing development costs and benefits associated with software assurance and making the case to executive management. A call for papers has been posted; registration information will soon be available." ["pubDate"]=> string(31) "Thu, 15 May 2008 13:35:04 -0400" } [17]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(123) "High performing organizations effectively integrate information security controls into mainstream IT operational processes." ["pubDate"]=> string(31) "Tue, 13 May 2008 11:07:30 -0400" } [18]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(105) "Helping your staff learn how to identify social engineering attempts is the first step in thwarting them." ["pubDate"]=> string(31) "Tue, 29 Apr 2008 14:37:46 -0400" } [19]=> array(4) { ["title"]=> string(37) "Vulnerability Analysis Blog Published" ["link"]=> string(31) "http://www.cert.org/blogs/vuls/" ["description"]=> string(116) "In a new blog on the CERT website, CERT staff members will address various issues related to vulnerability analysis." ["pubDate"]=> string(31) "Fri, 18 Apr 2008 12:41:55 -0400" } [20]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(119) "Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough." ["pubDate"]=> string(31) "Tue, 15 Apr 2008 12:49:22 -0400" } [21]=> array(4) { ["title"]=> string(23) "CERT Statistics Updated" ["link"]=> string(26) "http://www.cert.org/stats/" ["description"]=> string(82) "The CERT statistics have been updated with numbers from the first quarter of 2008." ["pubDate"]=> string(31) "Mon, 14 Apr 2008 12:26:34 -0400" } [22]=> array(4) { ["title"]=> string(72) "CERT Authors Publish Book About Building Security into Software Products" ["link"]=> string(100) "http://www.cert.orghttp://www.sei.cmu.edu/publications/books/cert/software-security-engineering.html" ["description"]=> string(238) "Software Security Engineering: A Guide for Project Managers will be published by Addison-Wesley in early May 2008. The book shows project managers how to build security into their software products throughout the development life cycle." ["pubDate"]=> string(31) "Tue, 01 Apr 2008 15:12:28 -0400" } [23]=> array(4) { ["title"]=> string(50) "Reminder: Entries for Security Awards Due April 30" ["link"]=> string(68) "http://www.cert.orghttp://www.first.org/conference/2008/contest.html" ["description"]=> string(225) "Submissions for the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks are due by April 30. The contest is being hosted by FIRST and the CERT/CC." ["pubDate"]=> string(31) "Tue, 01 Apr 2008 14:08:07 -0400" } [24]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(146) "Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy." ["pubDate"]=> string(31) "Tue, 01 Apr 2008 12:43:36 -0400" } [25]=> array(4) { ["title"]=> string(68) "Incident Management Mission Diagnostic Method, Version 1.0 Published" ["link"]=> string(62) "http://www.cert.orghttp://www.cert.org/archive/pdf/08tr007.pdf" ["description"]=> string(137) "This report presents a risk-based approach for determining the potential for success of an organization's incident management capability." ["pubDate"]=> string(31) "Mon, 31 Mar 2008 11:29:16 -0400" } [26]=> array(4) { ["title"]=> string(30) "CERT Sponsors FIRST Conference" ["link"]=> string(56) "http://www.cert.orghttp://www.first.org/conference/2008/" ["description"]=> string(176) "CERT is a sponsor for the 2008 FIRST Conference, which will be held in Canada in June. This year marks the 20th annual FIRST conference as well as the 20th anniversary of CERT." ["pubDate"]=> string(31) "Fri, 28 Mar 2008 11:59:12 -0400" } [27]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(137) "A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes." ["pubDate"]=> string(31) "Tue, 18 Mar 2008 09:58:37 -0400" } [28]=> array(4) { ["title"]=> string(55) "CERT Resiliency Engineering Framework, v0.95R Available" ["link"]=> string(57) "http://www.cert.org/resiliency_engineering/framework.html" ["description"]=> string(138) "A draft version of the CERT Resiliency Engineering Framework is now available. We welcome and encourage your feedback on these materials." ["pubDate"]=> string(31) "Mon, 17 Mar 2008 10:58:45 -0400" } [29]=> array(4) { ["title"]=> string(42) "2007 CERT Research Annual Report Published" ["link"]=> string(52) "http://www.cert.org/research/2007research-report.pdf" ["description"]=> string(222) "CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration." ["pubDate"]=> string(31) "Thu, 06 Mar 2008 10:36:25 -0500" } [30]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(134) "Significant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle." ["pubDate"]=> string(31) "Tue, 04 Mar 2008 10:27:36 -0500" } [31]=> array(4) { ["title"]=> string(108) "FIRST and Carnegie Mellon Software Enginnering Institute CERT Coordination Center Unveil New Security Awards" ["link"]=> string(68) "http://www.cert.orghttp://www.first.org/conference/2008/contest.html" ["description"]=> string(306) "The first-ever international competition honoring best practices and advances in safeguarding the security of computer systems and networks is announced today by the Forum of Incident Response and Security Teams (FIRST) and Carnegie Software Engineering Institute (SEI) CERT Coordination Center (CERT/CC)." ["pubDate"]=> string(31) "Tue, 26 Feb 2008 09:12:17 -0500" } [32]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(108) "Business leaders need to understand the risks to their organizations caused by the proliferation of botnets." ["pubDate"]=> string(31) "Tue, 19 Feb 2008 11:20:14 -0500" } [33]=> array(4) { ["title"]=> string(69) "CERT to Participate in Second Annual Counter eCrime Operations Summit" ["link"]=> string(80) "http://www.cert.orghttp://www.antiphishing.org/events/2008_operationsSummit.html" ["description"]=> string(93) "CERT will be participating in the Counter eCrime Operations Summit II May 26-27 Tokyo, Japan." ["pubDate"]=> string(31) "Thu, 14 Feb 2008 11:30:38 -0500" } [34]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(159) "Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data." ["pubDate"]=> string(31) "Tue, 05 Feb 2008 10:47:48 -0500" } [35]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(159) "Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data." ["pubDate"]=> string(31) "Tue, 05 Feb 2008 10:38:57 -0500" } [36]=> array(4) { ["title"]=> string(39) "SQUARE Instructional Materials Released" ["link"]=> string(54) "http://www.cert.org/sse/square/square-description.html" ["description"]=> string(140) "Workshop, tutorial, and academic educational materials on SQUARE (Security Quality Requirements Engineering) are now available for download." ["pubDate"]=> string(31) "Tue, 22 Jan 2008 10:54:03 -0500" } [37]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(120) "Peer-to-peer networks are being used today to unintentionally disclose government, commercial, and personal information." ["pubDate"]=> string(31) "Tue, 22 Jan 2008 10:20:34 -0500" } [38]=> array(4) { ["title"]=> string(23) "CERT Statistics Updated" ["link"]=> string(26) "http://www.cert.org/stats/" ["description"]=> string(91) "The numbers from the fourth quarter have been incorporated, completing the 2007 statistics." ["pubDate"]=> string(31) "Tue, 15 Jan 2008 16:29:00 -0500" } [39]=> array(4) { ["title"]=> string(31) "Insider Threat Studies Released" ["link"]=> string(35) "http://www.cert.org/insider_threat/" ["description"]=> string(324) "Insider Threat Study: Illicit Cyber Activity in the Government Sector and Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector have been released. These reports present the findings of research efforts to examine reported insider incidents within their respective sectors." ["pubDate"]=> string(31) "Wed, 09 Jan 2008 08:54:15 -0500" } [40]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(110) "Directors and senior executives are personally accountable for protecting information entrusted to their care." ["pubDate"]=> string(31) "Tue, 08 Jan 2008 10:24:08 -0500" } [41]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(120) "Internal Audit can serve a key role in putting an effective information security program in place, and keeping it there." ["pubDate"]=> string(31) "Mon, 10 Dec 2007 22:22:17 -0500" } [42]=> array(4) { ["title"]=> string(30) "FloCon 2008 Schedule Available" ["link"]=> string(41) "http://www.cert.org/flocon/2008/schedule/" ["description"]=> string(62) "The schedule for the FloCon 2008 conference has been released." ["pubDate"]=> string(31) "Thu, 29 Nov 2007 12:43:57 -0500" } [43]=> array(4) { ["title"]=> string(47) "FBI Announces Results of Operation Bot Roast II" ["link"]=> string(67) "http://www.cert.orghttp://www.fbi.gov/page2/nov07/botnet112907.html" ["description"]=> string(256) "In the second phase of the FBI investigation of botnets, 8 people were indicted, pled guilty, or were sentenced. So far, more than $20 million in losses and more than 1 million victim computers have been identified. Learn how to prevent and report attacks." ["pubDate"]=> string(31) "Thu, 29 Nov 2007 11:14:16 -0500" } [44]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(147) "Information security degree programs are proliferating, but what do they really offer business leaders who are seeking knowledgeable employees?" ["pubDate"]=> string(31) "Tue, 27 Nov 2007 12:22:15 -0500" } [45]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(136) "Information security risk assessment, performed in concert with operational risk management, can contribute to compliance as an outcome." ["pubDate"]=> string(31) "Tue, 13 Nov 2007 12:11:08 -0500" } [46]=> array(4) { ["title"]=> string(83) "CERT NetSA Group Participates in Anti-Phishing Working Group eCrime Research Summit" ["link"]=> string(26) "http://www.cert.org/netsa/" ["description"]=> string(292) "Members of the CERT Network Situational Awarness Group presented Fishing for Phishes: Applying Capture-Recaputre Methods to Estimate Phishing Populations at the APWG eCrime Researchers Summit. They also participated in the Report out and Panel: Uncleanliness: Quantifying network reputation." ["pubDate"]=> string(31) "Thu, 01 Nov 2007 11:54:42 -0400" } [47]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(165) "Business Leaders can play a key role in computer forensics by establishing strong policies and proactively testing to ensure those policies work in tough situations." ["pubDate"]=> string(31) "Tue, 30 Oct 2007 11:55:11 -0400" } [48]=> array(4) { ["title"]=> string(23) "CERT Statistics Updated" ["link"]=> string(26) "http://www.cert.org/stats/" ["description"]=> string(82) "The CERT statistics have been updated with numbers from the third quarter of 2007." ["pubDate"]=> string(31) "Tue, 16 Oct 2007 14:45:14 -0400" } [49]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(141) "A business resilience argument can bridge the communication gap that often exists between information security officers and business leaders." ["pubDate"]=> string(31) "Tue, 16 Oct 2007 11:19:12 -0400" } [50]=> array(4) { ["title"]=> string(43) "Vodcast - Secure Coding Initiative: Project" ["link"]=> string(54) "http://www.cert.org/vodcast/secure-coding/project.html" ["description"]=> string(51) "Robert Seacord discusses the Secure Coding project." ["pubDate"]=> string(31) "Tue, 09 Oct 2007 11:17:59 -0400" } [51]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(180) "By taking a holistic view of business resilience - similar in many ways to classical engineering - business leaders can help their operations stand up to known and unknown threats." ["pubDate"]=> string(31) "Tue, 02 Oct 2007 11:33:23 -0400" } [52]=> array(4) { ["title"]=> string(34) "FloCon 2008 Call for Presentations" ["link"]=> string(42) "http://www.cert.org/flocon/2008/index.html" ["description"]=> string(136) "The submission deadline for FloCon 2008 is fast approaching! Send a description of your presentation in before midnight October 5, 2007." ["pubDate"]=> string(31) "Fri, 21 Sep 2007 10:01:39 -0400" } [53]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(126) "It's easy to think of security as a collection of technologies and tools - but people are the real key to any security effort." ["pubDate"]=> string(31) "Tue, 18 Sep 2007 11:23:42 -0400" } [54]=> array(4) { ["title"]=> string(46) "Ranged Integers for the C Programming Language" ["link"]=> string(43) "http://www.cert.org/archive/pdf/07tn027.pdf" ["description"]=> string(163) "This report describes an extension to the C programming language to introduce the notion of ranged integers, that is, integer types with a defined range of values." ["pubDate"]=> string(31) "Thu, 13 Sep 2007 09:48:48 -0400" } [55]=> array(4) { ["title"]=> string(87) "Resiliency Engineering Framework and Service Oriented Architecture Information Sessions" ["link"]=> string(60) "http://www.cert.org/resiliency_engineering/index.html#events" ["description"]=> string(308) "Special information sessions for technical managers, software engineers, and decision makers on the CERT Resiliency Engineering Framework (REF) and Service Oriented Architecture (SOA) are scheduled for October 16 in Frankfurt, Germany, and October 18 in London. More information is available on the SEI site." ["pubDate"]=> string(31) "Wed, 12 Sep 2007 15:27:04 -0400" } [56]=> array(4) { ["title"]=> string(25) "2007 E-Crime Watch Survey" ["link"]=> string(51) "http://www.cert.org/archive/pdf/ecrimesummary07.pdf" ["description"]=> string(114) "The 4th annual E-Crime Watch Survey has been released by CERT, the US Secret Service, CSO Magazine, and Microsoft." ["pubDate"]=> string(31) "Tue, 11 Sep 2007 08:45:08 -0400" } [57]=> array(4) { ["title"]=> string(37) "Vodcast: Secure Coding Standards Work" ["link"]=> string(56) "http://www.cert.org/vodcast/secure-coding/standards.html" ["description"]=> string(130) "Robert Seacord talks about the development of secure coding rules and recommendations for C, C++. and other programming languages." ["pubDate"]=> string(31) "Fri, 07 Sep 2007 13:05:04 -0400" } [58]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(150) "Given that you can't secure everything, managing security risk to a "commercially reasonable degree" can lead to the best possible solution." ["pubDate"]=> string(31) "Tue, 04 Sep 2007 15:39:52 -0400" } [59]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(166) "Business leaders can use national CSIRTs (Computer Security Incident Response Teams) as a key resource when dealing with incidents with a national or worldwide scope." ["pubDate"]=> string(31) "Tue, 21 Aug 2007 11:43:44 -0400" } [60]=> array(4) { ["title"]=> string(66) "Vodcast: Training Provided through CERT's Secure Coding Initiative" ["link"]=> string(41) "http://www.cert.org/vodcast/training.html" ["description"]=> string(84) "Robert Seacord discusses CERT's offerings in the realm of training in secure coding." ["pubDate"]=> string(31) "Tue, 07 Aug 2007 11:43:24 -0400" } [61]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(121) "Information security costs can be significantly reduced by enforcing standard configurations for widely deployed systems." ["pubDate"]=> string(31) "Tue, 07 Aug 2007 11:19:59 -0400" } [62]=> array(4) { ["title"]=> string(55) "Beta Implementation of Managed String Library Released" ["link"]=> string(52) "http://www.cert.org/secure-coding/managedstring.html" ["description"]=> string(151) "The beta version of the managed string library, developed to improve the quality and security of newly developed C-language programs, is now available." ["pubDate"]=> string(31) "Thu, 02 Aug 2007 16:03:53 -0400" } [63]=> array(4) { ["title"]=> string(33) "Microsoft Recognizes CERT Analyst" ["link"]=> string(66) "http://www.microsoft.com/technet/security/acknowledge/default.mspx" ["description"]=> string(210) "Microsoft has acknowledged Will Dormann of the CERT/CC for identifying and helping to remediate security vulnerabilities in their online services. Will is one of eleven individuals recognized for their efforts." ["pubDate"]=> string(31) "Thu, 02 Aug 2007 11:55:15 -0400" } [64]=> array(4) { ["title"]=> string(23) "CERT Statistics Updated" ["link"]=> string(26) "http://www.cert.org/stats/" ["description"]=> string(106) "The layout of the statistics has been updated, and numbers have been added for the second quarter of 2007." ["pubDate"]=> string(31) "Thu, 26 Jul 2007 10:51:50 -0400" } [65]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(132) "Security is not an option - but it may be time to start viewing it as a business enabler, rather than just a cost of doing business." ["pubDate"]=> string(31) "Tue, 24 Jul 2007 15:28:42 -0400" } [66]=> array(4) { ["title"]=> string(57) "CERT Secure Coding Tutorial at SANS Network Security 2007" ["link"]=> string(19) "http://www.cert.org" ["description"]=> string(143) "Robert Seacord will conduct a tutorial, "Secure Coding in C and C++" on September 29 - 30, 2007 at SANS Network Security 2007 in Las Vegas, NV." ["pubDate"]=> string(31) "Tue, 24 Jul 2007 14:06:51 -0400" } [67]=> array(4) { ["title"]=> string(57) "The Use of Malware Analysis in Support of Law Enforcement" ["link"]=> string(48) "http://www.cert.org/archive/pdf/malware-7-07.pdf" ["description"]=> string(164) "This paper explains how examining artifacts of a computer intrusion, such as malicious code, can identify clues to further investigation of computer-related crimes." ["pubDate"]=> string(31) "Wed, 11 Jul 2007 14:10:56 -0400" } [68]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(27) "http://www.cert.org/podcast" ["description"]=> string(115) "Business leaders can use international standards to create a business- and risk-based information security program." ["pubDate"]=> string(31) "Tue, 10 Jul 2007 11:41:00 -0400" } [69]=> array(4) { ["title"]=> string(44) "CERT Secure Coding Tutorial at SANSFIRE 2007" ["link"]=> string(94) "http://www.sans.org/sansfire07/description.php?tid=902&portal=6f34a766fa9e3ceeb565e92155aa06f5" ["description"]=> string(184) "Robert Seacord will conduct a one-day tutorial, "Secure Coding in C and C++," on July 25, 2007 at SANSFIRE 2007 in Washington, DC. More details are available on the SANSFIRE 2007 site." ["pubDate"]=> string(31) "Mon, 02 Jul 2007 14:50:59 -0400" } [70]=> array(4) { ["title"]=> string(11) "New PGP Key" ["link"]=> string(40) "http://www.cert.org/pgp/newpgp2007b.html" ["description"]=> string(71) "The CERT/CC has issued a new PGP key. It is valid until June 30, 2008." ["pubDate"]=> string(31) "Thu, 28 Jun 2007 16:19:32 -0400" } [71]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(148) "Enterprise security governance is not just a vague idea - it can be achieved by implementing a defined, repeatable process with specific activities." ["pubDate"]=> string(31) "Tue, 26 Jun 2007 11:44:59 -0400" } [72]=> array(4) { ["title"]=> string(25) "FBI Charges "Bot-Herders"" ["link"]=> string(67) "http://www.cert.orghttp://www.fbi.gov/page2/june07/botnet061307.htm" ["description"]=> string(158) "The FBI has identified about 1 million computers across the country that have been compromised by botnets. Learn how to identify, report, and prevent attacks." ["pubDate"]=> string(31) "Wed, 13 Jun 2007 12:44:22 -0400" } [73]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(110) "Deploying common solutions for physical and IT security is a cost-effective way to reduce risk and save money." ["pubDate"]=> string(31) "Tue, 12 Jun 2007 11:13:40 -0400" } [74]=> array(4) { ["title"]=> string(50) "Incident Management Capability Metrics Version 0.1" ["link"]=> string(43) "http://www.cert.org/archive/pdf/07tr008.pdf" ["description"]=> string(92) "The metrics presented in this document provide a benchmark of incident management practices." ["pubDate"]=> string(31) "Tue, 05 Jun 2007 17:53:35 -0400" } [75]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(27) "http://www.cert.org/podcast" ["description"]=> string(141) "Organizations occasionally may need to redefine their IT infrastructures - but to succeed, they must be prepared to handle tricky situations." ["pubDate"]=> string(31) "Tue, 29 May 2007 09:57:00 -0400" } [76]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(128) "As the legal compliance landscape grows increasingly complex, de-identification can help organizations share data more securely." ["pubDate"]=> string(31) "Tue, 15 May 2007 11:49:29 -0400" } [77]=> array(4) { ["title"]=> string(22) "Resiliency Engineering" ["link"]=> string(43) "http://www.cert.org/resiliency_engineering/" ["description"]=> string(87) "New information about CERT's security and resiliency engineering work is now available." ["pubDate"]=> string(31) "Thu, 03 May 2007 17:14:10 -0400" } [78]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(143) "Business leaders need to ensure that their organizations can keep critical processes and services up and running in the face of the unexpected." ["pubDate"]=> string(31) "Tue, 01 May 2007 09:45:17 -0400" } [79]=> array(4) { ["title"]=> string(23) "CERT Statistics Updated" ["link"]=> string(41) "http://www.cert.org/stats/cert_stats.html" ["description"]=> string(86) "The CERT statistics have been updated with the numbers from the first quarter of 2007." ["pubDate"]=> string(31) "Mon, 30 Apr 2007 13:58:18 -0400" } [80]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(117) "Computer forensics is a critical part of incident response, and business leaders need to understand how to tackle it." ["pubDate"]=> string(31) "Tue, 17 Apr 2007 10:41:06 -0400" } [81]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(107) "Incident management is a cross-enterprise effort requiring good communication and informed risk management." ["pubDate"]=> string(31) "Tue, 03 Apr 2007 12:55:52 -0400" } [82]=> array(4) { ["title"]=> string(24) "Podcast series ranks #10" ["link"]=> string(19) "http://www.cert.org" ["description"]=> string(106) "The Security for Business Leaders podcast series came in at #10 on Podcast Bunker's Top 20 list last week." ["pubDate"]=> string(31) "Thu, 29 Mar 2007 10:29:58 -0400" } [83]=> array(4) { ["title"]=> string(11) "New PGP Key" ["link"]=> string(39) "http://www.cert.org/pgp/newpgp2007.html" ["description"]=> string(71) "The CERT/CC has issued a new PGP key. It is valid until March 21, 2008." ["pubDate"]=> string(31) "Fri, 23 Mar 2007 16:03:26 -0400" } [84]=> array(4) { ["title"]=> string(66) "Article 2: Defining an Effective Enterprise Security Program (ESP)" ["link"]=> string(49) "http://www.cert.org/archive/pdf/GES_IG_2_0703.pdf" ["description"]=> string(190) "This second article in the Governing for Enterprise Security Impelementation Guide series defines the components and sequence of activities in an effective Enterprise Security Program (ESP)." ["pubDate"]=> string(31) "Fri, 23 Mar 2007 10:15:16 -0400" } [85]=> array(4) { ["title"]=> string(52) "Article 3: Enterprise Security Governance Activities" ["link"]=> string(49) "http://www.cert.org/archive/pdf/GES_IG_3_0703.pdf" ["description"]=> string(174) "This third article in the Governing for Enterprise Security Implementation Guide series elaborates on the governance-based activities necessary to achieve and sustain an ESP." ["pubDate"]=> string(31) "Fri, 23 Mar 2007 10:13:20 -0400" } [86]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(124) "Business leaders, including legal counsel, need to understand how to tackle complex security issues for a global enterprise." ["pubDate"]=> string(31) "Tue, 20 Mar 2007 13:24:30 -0400" } [87]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(150) "System administrators increasingly need business savvy in addition to technical skills, and IT training courses must try to keep pace with this trend." ["pubDate"]=> string(31) "Tue, 06 Mar 2007 10:25:28 -0500" } [88]=> array(4) { ["title"]=> string(33) "Governing for Enterprise Security" ["link"]=> string(31) "http://www.cert.org/governance/" ["description"]=> string(177) "This new section of the web site highlights research and development in the enterprise security realm. It includes the new Governing for Enterprise Security Implementation Guide" ["pubDate"]=> string(31) "Tue, 20 Feb 2007 12:00:00 -0500" } [89]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(157) "This conversation discusses how business leaders can prepare to communicate with the media and their staff during a high-profile security incident or crisis." ["pubDate"]=> string(31) "Tue, 20 Feb 2007 12:00:00 -0500" } [90]=> array(4) { ["title"]=> string(20) "New Podcast Released" ["link"]=> string(28) "http://www.cert.org/podcast/" ["description"]=> string(119) "This conversation discusses innovative analysis tools needed to assess complex organizational and technological issues." ["pubDate"]=> string(30) "Tue, 6 Feb 2007 12:00:00 -0500" } [91]=> array(4) { ["title"]=> string(61) "Collaboration Meeting for CSIRTs with National Responsibility" ["link"]=> string(55) "http://www.cert.org/csirts/national/conference2007.html" ["description"]=> string(187) "The CERT Coordination Center will be hosting a meeting of CSIRTs with national responsibility in Madrid, Spain from June 23 to June 25, 2007 after the FIRST annual conference in Seville." ["pubDate"]=> string(31) "Fri, 26 Jan 2007 12:00:00 -0500" } }
Array ( [0] => Array ( [title] => Java Secure Coding Standard Released [link] => https://www.securecoding.cert.org/confluence/display/java/CERT+Java+Secure+Coding+Standard [description] => CERT has released the Java Secure Coding Standard in addition to existing secure coding standards for the C and C++ programming languages. CERT invites the Java community to participate in this effort by reviewing content in the Java space and providing comments. [pubDate] => Mon, 08 Sep 2008 15:15:00 -0400 ) [1] => Array ( [title] => New Technical Note Released [link] => http://www.cert.orghttp://www.cert.org/archive/pdf/08tn017.pdf [description] => Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis presents a live response scenario and compares various approaches and tools used to capture and analyze evidence from computer memory. [pubDate] => Tue, 02 Sep 2008 15:46:50 -0400 ) [2] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Well-defined metrics are essential to determine which security practices are worth the investment. [pubDate] => Tue, 02 Sep 2008 10:16:44 -0400 ) [3] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle. [pubDate] => Wed, 20 Aug 2008 09:55:06 -0400 ) [4] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Protecting critical infrastructures and the information they use are essential for preserving our way of life. [pubDate] => Tue, 05 Aug 2008 13:22:13 -0400 ) [5] => Array ( [title] => CERT Statistics Updated [link] => http://www.cert.org/stats/ [description] => The CERT statistics have been updated with numbers from the second quarter of 2008. [pubDate] => Tue, 29 Jul 2008 15:11:11 -0400 ) [6] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Determining which security vulnerabilities to address should be based on the importance of the information asset. [pubDate] => Tue, 22 Jul 2008 11:39:55 -0400 ) [7] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [pubDate] => Tue, 22 Jul 2008 11:35:23 -0400 ) [8] => Array ( [title] => CERT Autoresponder Disabled [link] => http://www.cert.org [description] => Because of ongoing problems with the autoresponder messages being interpreted as spam, we have decided to discontinue providing an automatic acknowledgement of email sent to cert@cert.org. This change does not affect how we handle email sent to that address. [pubDate] => Fri, 18 Jul 2008 11:22:39 -0400 ) [9] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack. [pubDate] => Tue, 08 Jul 2008 10:54:21 -0400 ) [10] => Array ( [title] => Winners of Best Practices Security Awards Announced [link] => http://www.cert.org/csirts/national/contest_2008.html [description] => The winning papers from the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks have been posted. [pubDate] => Fri, 27 Jun 2008 11:58:07 -0400 ) [11] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Targeted, innovative communications and a robust life cycle are keys for security policy success. [pubDate] => Tue, 24 Jun 2008 11:00:03 -0400 ) [12] => Array ( [title] => Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools Published [link] => http://www.cert.org/archive/pdf/08tr014.pdf [description] => This report describes a study conducted by the CERT Secure Coding Initiative and JPCERT to evaluate the efficacy of the CERT Secure Coding Standards and source code analysis tools in improving the quality and security of commercial software projects. [pubDate] => Tue, 17 Jun 2008 11:35:48 -0400 ) [13] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Managing software that is developed by an outside organization can be more challenging than building it yourself. [pubDate] => Tue, 10 Jun 2008 11:19:16 -0400 ) [14] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers. [pubDate] => Tue, 27 May 2008 11:52:08 -0400 ) [15] => Array ( [title] => New CERT PGP Public Key [link] => http://www.cert.org/contact_cert/encryptmail.html [description] => CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information. [pubDate] => Fri, 23 May 2008 15:44:07 -0400 ) [16] => Array ( [title] => Making the Business Case for Software Assurance [link] => http://www.cert.orghttp://www.sei.cmu.edu/community/assurance.html [description] => This one-day workshop will explore methods for capturing development costs and benefits associated with software assurance and making the case to executive management. A call for papers has been posted; registration information will soon be available. [pubDate] => Thu, 15 May 2008 13:35:04 -0400 ) [17] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => High performing organizations effectively integrate information security controls into mainstream IT operational processes. [pubDate] => Tue, 13 May 2008 11:07:30 -0400 ) [18] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Helping your staff learn how to identify social engineering attempts is the first step in thwarting them. [pubDate] => Tue, 29 Apr 2008 14:37:46 -0400 ) [19] => Array ( [title] => Vulnerability Analysis Blog Published [link] => http://www.cert.org/blogs/vuls/ [description] => In a new blog on the CERT website, CERT staff members will address various issues related to vulnerability analysis. [pubDate] => Fri, 18 Apr 2008 12:41:55 -0400 ) [20] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough. [pubDate] => Tue, 15 Apr 2008 12:49:22 -0400 ) [21] => Array ( [title] => CERT Statistics Updated [link] => http://www.cert.org/stats/ [description] => The CERT statistics have been updated with numbers from the first quarter of 2008. [pubDate] => Mon, 14 Apr 2008 12:26:34 -0400 ) [22] => Array ( [title] => CERT Authors Publish Book About Building Security into Software Products [link] => http://www.cert.orghttp://www.sei.cmu.edu/publications/books/cert/software-security-engineering.html [description] => Software Security Engineering: A Guide for Project Managers will be published by Addison-Wesley in early May 2008. The book shows project managers how to build security into their software products throughout the development life cycle. [pubDate] => Tue, 01 Apr 2008 15:12:28 -0400 ) [23] => Array ( [title] => Reminder: Entries for Security Awards Due April 30 [link] => http://www.cert.orghttp://www.first.org/conference/2008/contest.html [description] => Submissions for the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks are due by April 30. The contest is being hosted by FIRST and the CERT/CC. [pubDate] => Tue, 01 Apr 2008 14:08:07 -0400 ) [24] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy. [pubDate] => Tue, 01 Apr 2008 12:43:36 -0400 ) [25] => Array ( [title] => Incident Management Mission Diagnostic Method, Version 1.0 Published [link] => http://www.cert.orghttp://www.cert.org/archive/pdf/08tr007.pdf [description] => This report presents a risk-based approach for determining the potential for success of an organization's incident management capability. [pubDate] => Mon, 31 Mar 2008 11:29:16 -0400 ) [26] => Array ( [title] => CERT Sponsors FIRST Conference [link] => http://www.cert.orghttp://www.first.org/conference/2008/ [description] => CERT is a sponsor for the 2008 FIRST Conference, which will be held in Canada in June. This year marks the 20th annual FIRST conference as well as the 20th anniversary of CERT. [pubDate] => Fri, 28 Mar 2008 11:59:12 -0400 ) [27] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes. [pubDate] => Tue, 18 Mar 2008 09:58:37 -0400 ) [28] => Array ( [title] => CERT Resiliency Engineering Framework, v0.95R Available [link] => http://www.cert.org/resiliency_engineering/framework.html [description] => A draft version of the CERT Resiliency Engineering Framework is now available. We welcome and encourage your feedback on these materials. [pubDate] => Mon, 17 Mar 2008 10:58:45 -0400 ) [29] => Array ( [title] => 2007 CERT Research Annual Report Published [link] => http://www.cert.org/research/2007research-report.pdf [description] => CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration. [pubDate] => Thu, 06 Mar 2008 10:36:25 -0500 ) [30] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Significant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle. [pubDate] => Tue, 04 Mar 2008 10:27:36 -0500 ) [31] => Array ( [title] => FIRST and Carnegie Mellon Software Enginnering Institute CERT Coordination Center Unveil New Security Awards [link] => http://www.cert.orghttp://www.first.org/conference/2008/contest.html [description] => The first-ever international competition honoring best practices and advances in safeguarding the security of computer systems and networks is announced today by the Forum of Incident Response and Security Teams (FIRST) and Carnegie Software Engineering Institute (SEI) CERT Coordination Center (CERT/CC). [pubDate] => Tue, 26 Feb 2008 09:12:17 -0500 ) [32] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Business leaders need to understand the risks to their organizations caused by the proliferation of botnets. [pubDate] => Tue, 19 Feb 2008 11:20:14 -0500 ) [33] => Array ( [title] => CERT to Participate in Second Annual Counter eCrime Operations Summit [link] => http://www.cert.orghttp://www.antiphishing.org/events/2008_operationsSummit.html [description] => CERT will be participating in the Counter eCrime Operations Summit II May 26-27 Tokyo, Japan. [pubDate] => Thu, 14 Feb 2008 11:30:38 -0500 ) [34] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data. [pubDate] => Tue, 05 Feb 2008 10:47:48 -0500 ) [35] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data. [pubDate] => Tue, 05 Feb 2008 10:38:57 -0500 ) [36] => Array ( [title] => SQUARE Instructional Materials Released [link] => http://www.cert.org/sse/square/square-description.html [description] => Workshop, tutorial, and academic educational materials on SQUARE (Security Quality Requirements Engineering) are now available for download. [pubDate] => Tue, 22 Jan 2008 10:54:03 -0500 ) [37] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Peer-to-peer networks are being used today to unintentionally disclose government, commercial, and personal information. [pubDate] => Tue, 22 Jan 2008 10:20:34 -0500 ) [38] => Array ( [title] => CERT Statistics Updated [link] => http://www.cert.org/stats/ [description] => The numbers from the fourth quarter have been incorporated, completing the 2007 statistics. [pubDate] => Tue, 15 Jan 2008 16:29:00 -0500 ) [39] => Array ( [title] => Insider Threat Studies Released [link] => http://www.cert.org/insider_threat/ [description] => Insider Threat Study: Illicit Cyber Activity in the Government Sector and Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector have been released. These reports present the findings of research efforts to examine reported insider incidents within their respective sectors. [pubDate] => Wed, 09 Jan 2008 08:54:15 -0500 ) [40] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Directors and senior executives are personally accountable for protecting information entrusted to their care. [pubDate] => Tue, 08 Jan 2008 10:24:08 -0500 ) [41] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Internal Audit can serve a key role in putting an effective information security program in place, and keeping it there. [pubDate] => Mon, 10 Dec 2007 22:22:17 -0500 ) [42] => Array ( [title] => FloCon 2008 Schedule Available [link] => http://www.cert.org/flocon/2008/schedule/ [description] => The schedule for the FloCon 2008 conference has been released. [pubDate] => Thu, 29 Nov 2007 12:43:57 -0500 ) [43] => Array ( [title] => FBI Announces Results of Operation Bot Roast II [link] => http://www.cert.orghttp://www.fbi.gov/page2/nov07/botnet112907.html [description] => In the second phase of the FBI investigation of botnets, 8 people were indicted, pled guilty, or were sentenced. So far, more than $20 million in losses and more than 1 million victim computers have been identified. Learn how to prevent and report attacks. [pubDate] => Thu, 29 Nov 2007 11:14:16 -0500 ) [44] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Information security degree programs are proliferating, but what do they really offer business leaders who are seeking knowledgeable employees? [pubDate] => Tue, 27 Nov 2007 12:22:15 -0500 ) [45] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Information security risk assessment, performed in concert with operational risk management, can contribute to compliance as an outcome. [pubDate] => Tue, 13 Nov 2007 12:11:08 -0500 ) [46] => Array ( [title] => CERT NetSA Group Participates in Anti-Phishing Working Group eCrime Research Summit [link] => http://www.cert.org/netsa/ [description] => Members of the CERT Network Situational Awarness Group presented Fishing for Phishes: Applying Capture-Recaputre Methods to Estimate Phishing Populations at the APWG eCrime Researchers Summit. They also participated in the Report out and Panel: Uncleanliness: Quantifying network reputation. [pubDate] => Thu, 01 Nov 2007 11:54:42 -0400 ) [47] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Business Leaders can play a key role in computer forensics by establishing strong policies and proactively testing to ensure those policies work in tough situations. [pubDate] => Tue, 30 Oct 2007 11:55:11 -0400 ) [48] => Array ( [title] => CERT Statistics Updated [link] => http://www.cert.org/stats/ [description] => The CERT statistics have been updated with numbers from the third quarter of 2007. [pubDate] => Tue, 16 Oct 2007 14:45:14 -0400 ) [49] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => A business resilience argument can bridge the communication gap that often exists between information security officers and business leaders. [pubDate] => Tue, 16 Oct 2007 11:19:12 -0400 ) [50] => Array ( [title] => Vodcast - Secure Coding Initiative: Project [link] => http://www.cert.org/vodcast/secure-coding/project.html [description] => Robert Seacord discusses the Secure Coding project. [pubDate] => Tue, 09 Oct 2007 11:17:59 -0400 ) [51] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => By taking a holistic view of business resilience - similar in many ways to classical engineering - business leaders can help their operations stand up to known and unknown threats. [pubDate] => Tue, 02 Oct 2007 11:33:23 -0400 ) [52] => Array ( [title] => FloCon 2008 Call for Presentations [link] => http://www.cert.org/flocon/2008/index.html [description] => The submission deadline for FloCon 2008 is fast approaching! Send a description of your presentation in before midnight October 5, 2007. [pubDate] => Fri, 21 Sep 2007 10:01:39 -0400 ) [53] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => It's easy to think of security as a collection of technologies and tools - but people are the real key to any security effort. [pubDate] => Tue, 18 Sep 2007 11:23:42 -0400 ) [54] => Array ( [title] => Ranged Integers for the C Programming Language [link] => http://www.cert.org/archive/pdf/07tn027.pdf [description] => This report describes an extension to the C programming language to introduce the notion of ranged integers, that is, integer types with a defined range of values. [pubDate] => Thu, 13 Sep 2007 09:48:48 -0400 ) [55] => Array ( [title] => Resiliency Engineering Framework and Service Oriented Architecture Information Sessions [link] => http://www.cert.org/resiliency_engineering/index.html#events [description] => Special information sessions for technical managers, software engineers, and decision makers on the CERT Resiliency Engineering Framework (REF) and Service Oriented Architecture (SOA) are scheduled for October 16 in Frankfurt, Germany, and October 18 in London. More information is available on the SEI site. [pubDate] => Wed, 12 Sep 2007 15:27:04 -0400 ) [56] => Array ( [title] => 2007 E-Crime Watch Survey [link] => http://www.cert.org/archive/pdf/ecrimesummary07.pdf [description] => The 4th annual E-Crime Watch Survey has been released by CERT, the US Secret Service, CSO Magazine, and Microsoft. [pubDate] => Tue, 11 Sep 2007 08:45:08 -0400 ) [57] => Array ( [title] => Vodcast: Secure Coding Standards Work [link] => http://www.cert.org/vodcast/secure-coding/standards.html [description] => Robert Seacord talks about the development of secure coding rules and recommendations for C, C++. and other programming languages. [pubDate] => Fri, 07 Sep 2007 13:05:04 -0400 ) [58] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Given that you can't secure everything, managing security risk to a "commercially reasonable degree" can lead to the best possible solution. [pubDate] => Tue, 04 Sep 2007 15:39:52 -0400 ) [59] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Business leaders can use national CSIRTs (Computer Security Incident Response Teams) as a key resource when dealing with incidents with a national or worldwide scope. [pubDate] => Tue, 21 Aug 2007 11:43:44 -0400 ) [60] => Array ( [title] => Vodcast: Training Provided through CERT's Secure Coding Initiative [link] => http://www.cert.org/vodcast/training.html [description] => Robert Seacord discusses CERT's offerings in the realm of training in secure coding. [pubDate] => Tue, 07 Aug 2007 11:43:24 -0400 ) [61] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Information security costs can be significantly reduced by enforcing standard configurations for widely deployed systems. [pubDate] => Tue, 07 Aug 2007 11:19:59 -0400 ) [62] => Array ( [title] => Beta Implementation of Managed String Library Released [link] => http://www.cert.org/secure-coding/managedstring.html [description] => The beta version of the managed string library, developed to improve the quality and security of newly developed C-language programs, is now available. [pubDate] => Thu, 02 Aug 2007 16:03:53 -0400 ) [63] => Array ( [title] => Microsoft Recognizes CERT Analyst [link] => http://www.microsoft.com/technet/security/acknowledge/default.mspx [description] => Microsoft has acknowledged Will Dormann of the CERT/CC for identifying and helping to remediate security vulnerabilities in their online services. Will is one of eleven individuals recognized for their efforts. [pubDate] => Thu, 02 Aug 2007 11:55:15 -0400 ) [64] => Array ( [title] => CERT Statistics Updated [link] => http://www.cert.org/stats/ [description] => The layout of the statistics has been updated, and numbers have been added for the second quarter of 2007. [pubDate] => Thu, 26 Jul 2007 10:51:50 -0400 ) [65] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Security is not an option - but it may be time to start viewing it as a business enabler, rather than just a cost of doing business. [pubDate] => Tue, 24 Jul 2007 15:28:42 -0400 ) [66] => Array ( [title] => CERT Secure Coding Tutorial at SANS Network Security 2007 [link] => http://www.cert.org [description] => Robert Seacord will conduct a tutorial, "Secure Coding in C and C++" on September 29 - 30, 2007 at SANS Network Security 2007 in Las Vegas, NV. [pubDate] => Tue, 24 Jul 2007 14:06:51 -0400 ) [67] => Array ( [title] => The Use of Malware Analysis in Support of Law Enforcement [link] => http://www.cert.org/archive/pdf/malware-7-07.pdf [description] => This paper explains how examining artifacts of a computer intrusion, such as malicious code, can identify clues to further investigation of computer-related crimes. [pubDate] => Wed, 11 Jul 2007 14:10:56 -0400 ) [68] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast [description] => Business leaders can use international standards to create a business- and risk-based information security program. [pubDate] => Tue, 10 Jul 2007 11:41:00 -0400 ) [69] => Array ( [title] => CERT Secure Coding Tutorial at SANSFIRE 2007 [link] => http://www.sans.org/sansfire07/description.php?tid=902&portal=6f34a766fa9e3ceeb565e92155aa06f5 [description] => Robert Seacord will conduct a one-day tutorial, "Secure Coding in C and C++," on July 25, 2007 at SANSFIRE 2007 in Washington, DC. More details are available on the SANSFIRE 2007 site. [pubDate] => Mon, 02 Jul 2007 14:50:59 -0400 ) [70] => Array ( [title] => New PGP Key [link] => http://www.cert.org/pgp/newpgp2007b.html [description] => The CERT/CC has issued a new PGP key. It is valid until June 30, 2008. [pubDate] => Thu, 28 Jun 2007 16:19:32 -0400 ) [71] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Enterprise security governance is not just a vague idea - it can be achieved by implementing a defined, repeatable process with specific activities. [pubDate] => Tue, 26 Jun 2007 11:44:59 -0400 ) [72] => Array ( [title] => FBI Charges "Bot-Herders" [link] => http://www.cert.orghttp://www.fbi.gov/page2/june07/botnet061307.htm [description] => The FBI has identified about 1 million computers across the country that have been compromised by botnets. Learn how to identify, report, and prevent attacks. [pubDate] => Wed, 13 Jun 2007 12:44:22 -0400 ) [73] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Deploying common solutions for physical and IT security is a cost-effective way to reduce risk and save money. [pubDate] => Tue, 12 Jun 2007 11:13:40 -0400 ) [74] => Array ( [title] => Incident Management Capability Metrics Version 0.1 [link] => http://www.cert.org/archive/pdf/07tr008.pdf [description] => The metrics presented in this document provide a benchmark of incident management practices. [pubDate] => Tue, 05 Jun 2007 17:53:35 -0400 ) [75] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast [description] => Organizations occasionally may need to redefine their IT infrastructures - but to succeed, they must be prepared to handle tricky situations. [pubDate] => Tue, 29 May 2007 09:57:00 -0400 ) [76] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => As the legal compliance landscape grows increasingly complex, de-identification can help organizations share data more securely. [pubDate] => Tue, 15 May 2007 11:49:29 -0400 ) [77] => Array ( [title] => Resiliency Engineering [link] => http://www.cert.org/resiliency_engineering/ [description] => New information about CERT's security and resiliency engineering work is now available. [pubDate] => Thu, 03 May 2007 17:14:10 -0400 ) [78] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Business leaders need to ensure that their organizations can keep critical processes and services up and running in the face of the unexpected. [pubDate] => Tue, 01 May 2007 09:45:17 -0400 ) [79] => Array ( [title] => CERT Statistics Updated [link] => http://www.cert.org/stats/cert_stats.html [description] => The CERT statistics have been updated with the numbers from the first quarter of 2007. [pubDate] => Mon, 30 Apr 2007 13:58:18 -0400 ) [80] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Computer forensics is a critical part of incident response, and business leaders need to understand how to tackle it. [pubDate] => Tue, 17 Apr 2007 10:41:06 -0400 ) [81] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Incident management is a cross-enterprise effort requiring good communication and informed risk management. [pubDate] => Tue, 03 Apr 2007 12:55:52 -0400 ) [82] => Array ( [title] => Podcast series ranks #10 [link] => http://www.cert.org [description] => The Security for Business Leaders podcast series came in at #10 on Podcast Bunker's Top 20 list last week. [pubDate] => Thu, 29 Mar 2007 10:29:58 -0400 ) [83] => Array ( [title] => New PGP Key [link] => http://www.cert.org/pgp/newpgp2007.html [description] => The CERT/CC has issued a new PGP key. It is valid until March 21, 2008. [pubDate] => Fri, 23 Mar 2007 16:03:26 -0400 ) [84] => Array ( [title] => Article 2: Defining an Effective Enterprise Security Program (ESP) [link] => http://www.cert.org/archive/pdf/GES_IG_2_0703.pdf [description] => This second article in the Governing for Enterprise Security Impelementation Guide series defines the components and sequence of activities in an effective Enterprise Security Program (ESP). [pubDate] => Fri, 23 Mar 2007 10:15:16 -0400 ) [85] => Array ( [title] => Article 3: Enterprise Security Governance Activities [link] => http://www.cert.org/archive/pdf/GES_IG_3_0703.pdf [description] => This third article in the Governing for Enterprise Security Implementation Guide series elaborates on the governance-based activities necessary to achieve and sustain an ESP. [pubDate] => Fri, 23 Mar 2007 10:13:20 -0400 ) [86] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => Business leaders, including legal counsel, need to understand how to tackle complex security issues for a global enterprise. [pubDate] => Tue, 20 Mar 2007 13:24:30 -0400 ) [87] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => System administrators increasingly need business savvy in addition to technical skills, and IT training courses must try to keep pace with this trend. [pubDate] => Tue, 06 Mar 2007 10:25:28 -0500 ) [88] => Array ( [title] => Governing for Enterprise Security [link] => http://www.cert.org/governance/ [description] => This new section of the web site highlights research and development in the enterprise security realm. It includes the new Governing for Enterprise Security Implementation Guide [pubDate] => Tue, 20 Feb 2007 12:00:00 -0500 ) [89] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => This conversation discusses how business leaders can prepare to communicate with the media and their staff during a high-profile security incident or crisis. [pubDate] => Tue, 20 Feb 2007 12:00:00 -0500 ) [90] => Array ( [title] => New Podcast Released [link] => http://www.cert.org/podcast/ [description] => This conversation discusses innovative analysis tools needed to assess complex organizational and technological issues. [pubDate] => Tue, 6 Feb 2007 12:00:00 -0500 ) [91] => Array ( [title] => Collaboration Meeting for CSIRTs with National Responsibility [link] => http://www.cert.org/csirts/national/conference2007.html [description] => The CERT Coordination Center will be hosting a meeting of CSIRTs with national responsibility in Madrid, Spain from June 23 to June 25, 2007 after the FIRST annual conference in Seville. [pubDate] => Fri, 26 Jan 2007 12:00:00 -0500 ) ) int(92)
92
cert.org :: This newsfeed has a problem
security @ the web & the world :: hundreds of fresh newsfeeds on schuirink.net
schuirink.net
main destinations: home | the web & the world | out of here
Google

news headlines

News headlines collected from 498 newsfeeds.

gimme headlines!!

  >>  SecurityFocus
  >>  CERT/CC
  >>  LinuxSecurity.com - Latest News
  >>  Debian Security

SecurityFocus

url:
http://www.securityfocus.com/
SecurityFocus.com is designed to facilitate discussion on security related topics, create security awareness, and to provide the Internet's largest and most comprehensive database of security knowledge and resources to the public. It also hosts the BUGTRAQ mailing list.
News: Change in Focus

News: Twitter attacker had proper credentials

News: PhotoDNA scans images for child abuse

News: Conficker data highlights infected networks

Brief: Google offers bounty on browser bugs

Brief: Cyberattacks from U.S. "greatest concern"

Brief: Microsoft patches as fraudsters target IE flaw

Brief: Attack on IE 0-day refined by researchers

News: Monster botnet held 800,000 people's details

News: Google: 'no timetable' on China talks

News: Latvian hacker tweets hard on banking whistle

News: MS uses court order to take out Waledac botnet

Infocus: Enterprise Intrusion Analysis, Part One

Infocus: Responding to a Brute Force SSH Attack

Infocus: Data Recovery on Linux and <i>ext3</i>

Infocus: WiMax: Just Another Security Challenge?

Gunter Ollmann: Time to Squish SQL Injection

Mark Rasch: Lazy Workers May Be Deemed Hackers

Adam O'Donnell: The Scale of Security

Mark Rasch: Hacker-Tool Law Still Does Little

More rss feeds from SecurityFocus


CERT/CC

url:
http://www.cert.org/
At the CERT Coordination Center, we study Internet security vulnerabilities and incident activity, publish a variety of security alerts, research security and survivability in wide-area-networked computing, and develop information to help you improve security at your site.

LinuxSecurity.com - Latest News

url:
http://www.linuxsecurity.com
The Community's Center for Security
Targeted Attack Uses Heartbleed to Hijack VPN Sessions

Even the most secure cloud storage may not be so secure, study finds

Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia

Safety you can bank on: Chromebook, Linux, phone

Open source trounces proprietary software for code defects, Coverity analysis finds

Heartbleed: Security experts reality-check the 3 most hysterical fears

Canadians arrest a Heartbleed hacker

Galaxy S5 fingerprint scanner hacked with glue mould

'Snowden effect' has changed cloud data security assumption, survey claims

Why a hacker got paid for finding the Heartbleed bug

Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker

Hackers From China Waste Little Time in Exploiting Heartbleed


Debian Security

url:
http://security.debian.org/
Debian Security Advisories
DSA-2911 icedove

DSA-2910 qemu-kvm

DSA-2909 qemu

DSA-2908 openssl

DSA-2907

DSA-2905 chromium-browser

DSA-2904 virtualbox

DSA-2903 strongswan

DSA-2902 curl

DSA-2901 wordpress

DSA-2900 jbigkit

DSA-2899 openafs

DSA-2898 imagemagick

DSA-2897 tomcat7

DSA-2896 openssl

DSA-2895 prosody

DSA-2894 openssh

DSA-2893 openswan

DSA-2892 a2ps

DSA-2891 mediawiki, mediawiki-extensions

DSA-2890 libspring-java

DSA-2889 postfixadmin

DSA-2888 ruby-actionpack-3.2

DSA-2887 ruby-actionmailer-3.2

DSA-2886 libxalan2-java

DSA-2885 libyaml-libyaml-perl

DSA-2884 libyaml