Headlines

Google launches security group for open source

Google is spearheading a volunteer workforce it hopes will become the centralized authority for responding to security issues in open source software.

6 May 2008 19:50

SQL string in URL exposes sex offender data

Better known for its presentation of stunning examples of how not to develop code, The Daily WTF this week exposed a horrendous case of information loss when it published an article on a critical flaw in the Oklahoma Department of Corrections website.

17 Apr 2008 23:01

ID and the triple-A challenge of mashup security

Web 2.0 The loose coupling of data drawn from different systems is one of the enduring appeals of mashups. However, what if some of that data needs to be handled securely, or it is necessary to log in to some or all of the data feeds? What if the mashup as a whole represents some form of sensitive system - now security is an issue.

10 Apr 2008 10:02

Old people can sabotage software too

RSA Software teams must act to protect systems and development projects from revenge attacks by disgruntled current and former employees.

10 Apr 2008 06:02

DHS chief goes nuclear on cyber security

RSA The US government is to shut thousands of points from which outsiders can access federal computer networks to about 50, Homeland Security chief Michael Chertoff revealed today (Tuesday).

In a keynote at the RSA Conference in San Francisco, Chertoff outlined the government's plans to protect itself from cyber attack. He even compared this to a digital "Manhattan Project" in terms of impact and importance. So no lack of ambition there.

9 Apr 2008 02:52

Microsoft preaches togetherness for online security

RSA Six years after scrambling to lock down Windows and having challenged security vendors on home turf with Windows Vista, Microsoft is calling for a "dialogue" over online security and privacy.

8 Apr 2008 21:12

The trinity of RIA security explained

The phrase "Rich Internet Applications" has become a popular term for applications that run inside your browser or on your desktop and that interact with web applications or web services. RIA platforms include JavaScript (part of the AJAX umbrella), Adobe Systems' AIR, Microsoft's Silverlight, Java applets, and Java JFX from Sun Microsystems.

Sure, they look pretty with all that video, those rounded buttons and pop-up windows - but should we trust them? These applications are, after all, downloaded from websites that can be good, bad or compromised. So what's there to protect users and server applications from a renegade RIA?

8 Apr 2008 10:02

Stay focused on fuzzy tests, warn security experts

RSA The idea of throwing random test data at a program to see if it cracks has been around in one form or another since the beginning of software development. A formalized approach called fuzzing, based on Professor Barton Miller's work at the University of Wisconsin in the late 1980s, is undergoing a revival as a means of testing the security of applications.

7 Apr 2008 18:56

New code strategies to fight side-channel attack

Keyless entry systems are ubiquitous, from locking your car to accessing the restricted corridors of government and corporate power. It's therefore troubling to learn that Wikipedia-reading eggheads have cracked the encryption of a device widely used in a variety of keyless entry systems. There goes the girlfriend's VW you thought you'd locked.

4 Apr 2008 16:32

Is Google Gears safe?

I imagine that is the question most users will ask when they see this dialog box:

2 Apr 2008 17:53

Only Ubuntu left standing, as Flash vuln fells Vista in Pwn2Own hacking contest

CanSecWest A laptop running a fully patched version of Microsoft's Vista operating system was the second and final machine to fall in a hacking contest that pitted the security of Windows, OS X and Ubuntu Linux. With both a Windows and Mac machine felled, only the Linux box remained standing following the three-day competition.

29 Mar 2008 21:27

Google gears up for mobile security smackdown

Tired of spotty network performance interrupting your web service's performance and of navigating the maze that is mobile application development?

Google can help - just don't rely on the giant's Android mobile Software Development Kit (SDK) when it comes to building in security.

5 Mar 2008 01:28

Reduce your exposure to AJAX threats

Fundamentally, there's nothing terribly new about the problems posed by Asynchronous JavaScript and XML (AJAX) when it comes to security; we just need to apply some good old security principles to this new technology.

The problems occur because, unfortunately, there are an awful lot of devils hidden inside the details.

18 Feb 2008 00:02

Teen hacker re-unlocks Apple's iPhone

A teen hacker known for his deftness with iPhones has figured out how to unlock models running the latest firmware versions by cracking a protection that has frustrated hackers for weeks.

11 Feb 2008 22:16

Microsoft! snuggles! with! Yahoo! on! OpenID!

Call it coincidence or call it necessity, but Microsoft has jumped on board a Yahoo!-backed initiative to give internet users a single digital identity.

7 Feb 2008 22:41

Exploit for 'extremely critical' Yahoo Jukebox vuln goes wild

Just one day after nasty security flaws were disclosed in Yahoo's Music Jukebox, miscreants have begun to actively exploit them.

5 Feb 2008 01:53

Reg Dev wants you!

Reg Dev is looking for article submissions on the theory and practice of building and managing software, and of running application development projects.

4 Feb 2008 00:02

Perl.com sends visitors to porn link farm

Visitors to Perl.com, the O'Reilly Media-owned resource, were redirected yesterday (Thursday) to a link farm pushing porn sites.

19 Jan 2008 04:02

Yahoo! backs! OpenID!

Yahoo! has pledged to support OpenID from the end of the month, giving a massive boost for the online identity framework that aims to cut password headaches.

19 Jan 2008 03:55

Hackers go after Excel

Microsoft has warned that an unpatched vulnerability in older versions of Excel is being actively exploited by hackers.

17 Jan 2008 14:06
