Skip to main content

Privacy Monday - April 28, 2014

For the last Monday in April, we have a few privacy and security bits and bytes to start your week.

Trending Now - 5 Things Every Company's Data Security Program Should Include

JD Supra Perspectives has published a short article (disclosure: quoting this author) that can get people talking this week. Get it here and circulate it.   The 5 things could jump start your own data security program.

Tech Heavy Hitters Fund Open-Source Project

By now, you likely are aware that the Heartbleed bug originated in a coding error in OpenSSL -- an open-sourced Secure Socket Layer program.   Open source is good code in most respects, having been contributed to and tested by hundreds of experienced users.   But therein lies the problem as well.   There is no real QA.  Code is contributed and usually uploaded on the fly and bugs are reported by the user community with fixes also contributed.   The Washington Post reported that a group called the Core Infrastructure Initiative will pull together companies including Amazon, Cisco, Facebook, Google, IBM, Microsoft, Intel and others.  Each company has agreed to pledge $100,000 per year over the next three years to fund this initiative to help prevent pervasive security vulnerabilities in the future.

In the interim:  make sure you know what open source code your developers are using and how that code can affect your end users and customers.

Read more here - The Washington Post (registration may be required)





Subscribe To Viewpoints


Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.