uri

Malco Products Brings Manufacturing to Former VISE-GRIP Nebraska Factory

Seven of the new full-time employees hired to start up operations previously worked at the VISE-GRIP factory. Malco plans to add jobs as production increases.




uri

Comprehensive Guide: HVAC Service Calls During COVID-19

Here's how to ensure that your customers and employees stay healthy and safe during your service calls, in the midst of a pandemic.




uri

Serving Your Company During the COVID-19 Crisis

This is a once-in-a-lifetime moment in which leadership becomes a precious commodity.




uri

Sales Software Can Help HVAC Businesses During Busy Seasons

Over the last couple of busy seasons, HVAC contractors have seen a surge of calls driven by remote work. There are steps HVAC companies can take to meet that demand while also easing the stress of the season.




uri

Continental Fan Manufacturing Inc.: Bathroom Exhaust Fan

Awarded the Energy Star® Most Efficient Mark in 2019, this product has a high-efficiency DC motor.




uri

Tape Can Help Keep Clients Warm During Chilly Months While Lowering Energy Consumption

Properly sealing and maintaining heating and cooling ducts is a low-cost measure that can improve energy efficiency.




uri

HVAC Maintenance and Service Before, During, and After Duct Leaks

Context can help professionals direct their attention to where duct leakage can best be addressed.




uri

Measuring the Success of Fleet

By tracking and monitoring service, productivity, and fuel metrics, HVACR fleet managers can better measure their fleet improvement efforts and quickly spot process and operational issues that need to be addressed.




uri

How Contractors Can Market Services During Recycle Your Mercury Thermostat Day

Here are a few ideas that contractors can use to prime the marketing pump for this holiday.




uri

Security and the Smart Thermostat: Prepare for Customer Questions

The path to temperature control through smart thermostat technology is more involved than many customers realize.




uri

Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables

Posted by Xen.org security team on Nov 12

Xen Security Advisory CVE-2024-45819 / XSA-464
version 2

libxl leaks data to PVH guests via ACPI tables

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

PVH guests have their ACPI tables constructed by the toolstack. The
construction involves building the tables in local memory, which are
then copied into guest memory. While actually used...
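The bug class the advisory describes, as an added illustration that is not libxl's or Xen's code: a table is assembled in local memory that has been used for something else, and a fixed-size block of that memory, rather than only the bytes the builder wrote, is copied into the guest. The region size, the cut-down header layout, the `FACP` signature and the stale "secret" contents are all constructed for the example; the fix shown (zeroing the scratch region before the build) is one of the two obvious remedies, the other being to copy only the table's declared length.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * Constructed illustration of the XSA-464 bug class; this is not libxl
 * code. A toolstack builds a guest-visible table in a local scratch
 * buffer that was used for something else earlier, then copies a
 * fixed-size block of that buffer into guest memory. Every byte of the
 * block the builder did not overwrite travels into the guest with it.
 */

#define REGION_SIZE 64u   /* assumed size of the block copied into the guest */

/* Cut-down ACPI-style table header (the real one carries more fields). */
struct table_header {
    char     sig[4];
    uint32_t length;      /* total table length in bytes, header included */
    uint8_t  revision;
    uint8_t  checksum;    /* chosen so the table's byte sum is 0 mod 256 */
};

/* Stand-in for toolstack local memory that is reused between builds. */
static uint8_t scratch[REGION_SIZE];

/* Constructed stale content, e.g. left over from an earlier operation. */
static const char prior_contents[] = "secret-from-previous-use";

/* Simulate the earlier use of the buffer that left stale data behind. */
static void dirty_scratch(void)
{
    memset(scratch, 0xAA, sizeof scratch);
    memcpy(scratch + 16, prior_contents, strlen(prior_contents));
}

/* Byte sum of a region; a well-formed ACPI table sums to 0 (mod 256). */
uint8_t byte_sum(const uint8_t *p, size_t n)
{
    uint8_t s = 0;
    for (size_t i = 0; i < n; i++)
        s = (uint8_t)(s + p[i]);
    return s;
}

/*
 * Build a table with payload_len payload bytes into scratch. With
 * clear_first set, the whole region is zeroed before the build, which is
 * the fix for this bug class. Returns the table's total length, or 0 if
 * it does not fit in the region.
 */
size_t build_table(const char sig[4], size_t payload_len, int clear_first)
{
    struct table_header hdr;
    size_t total = sizeof hdr + payload_len;

    if (total > REGION_SIZE)
        return 0;
    if (clear_first)
        memset(scratch, 0, sizeof scratch);

    /* Same bug in miniature: struct padding is uninitialised unless cleared. */
    memset(&hdr, 0, sizeof hdr);
    memcpy(hdr.sig, sig, 4);
    hdr.length   = (uint32_t)total;
    hdr.revision = 1;
    memcpy(scratch, &hdr, sizeof hdr);
    memset(scratch + sizeof hdr, 0x5A, payload_len);   /* constructed payload */

    /* Fix up the checksum so the finished table sums to zero. */
    scratch[offsetof(struct table_header, checksum)] =
        (uint8_t)(0u - byte_sum(scratch, total));
    return total;
}

/* The copy is of the whole fixed-size region, not just `length` bytes. */
static void copy_to_guest(uint8_t *guest_mem)
{
    memcpy(guest_mem, scratch, REGION_SIZE);
}

/* Bytes past the table's declared end that carry stale (non-zero) data. */
size_t leaked_bytes(const uint8_t *guest_mem, size_t table_len)
{
    size_t count = 0;
    for (size_t i = table_len; i < REGION_SIZE; i++)
        if (guest_mem[i] != 0)
            count++;
    return count;
}

/* 1 if `needle` appears in the guest-visible bytes beyond the table. */
int guest_sees_fragment(const uint8_t *guest_mem, size_t table_len,
                        const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = table_len; i + n <= REGION_SIZE; i++)
        if (memcmp(guest_mem + i, needle, n) == 0)
            return 1;
    return 0;
}

/* One build-and-copy cycle: returns how many stale bytes reached the guest
 * and writes the table's length to *table_len_out. */
size_t run_cycle(int hardened, uint8_t guest_mem[REGION_SIZE],
                 size_t *table_len_out)
{
    dirty_scratch();
    size_t len = build_table("FACP", 20, hardened);
    copy_to_guest(guest_mem);
    *table_len_out = len;
    return leaked_bytes(guest_mem, len);
}
```

With `hardened` set to 0 the guest receives a valid, correctly checksummed table followed by the tail of the earlier contents of the buffer; with it set to 1 the bytes beyond the table are zero. The checksum is worth noting: a table can be perfectly well-formed and still carry a leak in the bytes after it, so validating the table tells you nothing about what was copied alongside it.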




uri

Xen Security Advisory 463 v2 (CVE-2024-45818) - Deadlock in x86 HVM standard VGA handling

Posted by Xen.org security team on Nov 12

Xen Security Advisory CVE-2024-45818 / XSA-463
version 2

Deadlock in x86 HVM standard VGA handling

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

The hypervisor contains code to accelerate VGA memory accesses for HVM
guests, when the (virtual) VGA is in "standard" mode. Locking involved
there has an unusual discipline, leaving...




uri

Re: Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables

Posted by Andrew Cooper on Nov 12

Data are leaked into the PVShim guest, but it is the shim Xen
(exclusively) which has access to the ACPI tables.

The guest which has been shim'd can't architecturally access the leaked
data.

~Andrew





uri

Re: Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables

Posted by Demi Marie Obenour on Nov 12

Is this unconditional (perhaps because the relevant data gets zeroed out
by the shim), or does it only apply when the PV guest can't extract data
from the shim's memory? For instance, 32-bit PV guests aren't security
supported anymore, but the PV shim isn't supposed to rely on the
security of the shim itself, only of the rest of the system.




uri

Venturing Into E-Commerce: What HVAC Contractors Should Think About

Selling products online is a whole new ball game. Contractors will want to learn about their customers' buying journeys and think carefully about how to launch the online store, what products to sell, and how to market it.




uri

Building Automation Systems Offer Comfort, Efficiency, and Security

HVAC has a critical role to play in the future of building automation and digitalization.




uri

Preparing For Emerging Cybersecurity Attacks Against Chillers

When it comes to this piece of critical infrastructure, operators need to be prepared to face new and sophisticated attacks.




uri

CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management

Posted by CISA on Mar 21

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information
has recently been updated, and is now available.

CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management [...




uri

Apple Releases Security Updates for Multiple Products

Posted by CISA on Mar 28


Apple Releases Security Updates for Multiple Products [ https://www.cisa.gov/news-events/alerts/2023/03/28/apple-releases-security-updates-multiple-products ] 03/28/2023 01:00 PM EDT

Apple...




uri

Episode 66: Gary McGraw on Security

This episode features an interview with the software security expert Gary McGraw. Gary explains why this topic is so important and gives several examples of security deficiencies he has found in the past. The second half of the interview is about his latest book 'Exploiting Online Games', where he explains how online games are hacked and why this is relevant to everybody, not only gamers in their 'First Life'.




uri

Episode 128: Web App Security with Bruce Sams

The majority of hacker attacks (70%) target weaknesses that stem from problems in the implementation and/or architecture of the application. This session shows how you can protect your web applications (J2EE or .NET) against these attacks. It covers many practical examples and attack techniques, and then lays out strategies for defense, including a "Secure Software Development Lifecycle". A "Live Hacking" demo rounds it out. This session was recorded live at OOP 2009. SE Radio thanks Bruce, SIGS Datacom and the programme chair, Frances Paulisch, for their great support!




uri

Episode 174: Chip Manufacturing and Waferscanners

Guest: Wilbert Albers. Host: Markus. In this episode we take a look at microchip production, with a special focus on wafer scanners. To do this, we talked with Wilbert Albers of ASML, the leading wafer scanner manufacturer in the world. In the episode, we talk about the overall chip production process (from silicon sand through wafer cutting […]




uri

SE-Radio Episode 290: Diogo Mónica on Docker Security

Docker Security Team lead Diogo Mónica talks with SE Radio’s Kim Carter about Docker Security aspects. Simple Application Security, which hasn’t changed much over the past 15 years, is still considered the most effective way to improve security around Docker containers and infrastructure. The discussion explores characteristics such as Immutability, the copy-on-write filesystem, as well as orchestration principles that are baked into Docker Swarm, such as mutual TLS/PKI by default, secrets distribution, least privilege, content scanning, image signatures, and secure/trusted build pipelines. Diogo also shares his thoughts around the attack surface of the Linux kernel; networking, USB, and driver APIs; and the fact that application security remains more important to focus our attention on and get right.




uri

SE-Radio Episode 302: Haroon Meer on Network Security

Haroon Meer, founder of Thinkst, talks with Kim Carter about network security. Topics include how attackers gain footholds in our networks, move laterally, and exfiltrate our precious data, as well as why we care and what software engineers can do about it.




uri

SE-Radio Episode 309: Zane Lackey on Application Security

Zane Lackey, founder of Signal Sciences, talks with Kim Carter about application security: today's top threats, culture, threat modelling, visibility, and how we as software engineers can improve our security posture.




uri

SE-Radio Episode 314: Scott Piper on Cloud Security

Scott Piper and Kim Carter discuss cloud security: the shared responsibility model; assets, risks, and countermeasures; and techniques for evaluating and comparing the security posture of cloud service providers. Scott discusses his FLAWS CTF and the tools Security Monkey and StreamAlert.




uri

SE-Radio Episode 317: Travis Kimmel on Measuring Software Engineering Productivity

Kishore Bhatia talks with Travis Kimmel about Engineering Impact: In the age of data-driven decision making, how does one go about measuring, communicating, and improving engineering productivity? We’ll learn from Travis’ experience building data analytics tools in this space, with insights and best practices for engineering teams and business stakeholders for measuring value and productivity.




uri

SE-Radio 336: Sasa Juric on Elixir

Saša Jurić, author of Elixir in Action, explains the Elixir programming language and how it unlocks the benefits of the Erlang ecosystem, revealing the "sweet spot" for Elixir programs: highly scalable and fault-tolerant systems with a simple arc




uri

SE-Radio Episode 359: Engineering Maturity with Jean-Denis Greze

How can you scale an engineering organization when you haven’t already experienced rapid growth? Jean-Denis Greze of Plaid explains how to proactively enhance team capabilities and readiness by “leveling up” through a maturity map.




uri

Episode 376: Justin Richer On API Security with OAuth 2

Justin Richer, lead author of the OAuth 2 in Action book, discusses the key technical features of the OAuth 2 authorization protocol and the current best practices for selecting the right parts of it for your use case.




uri

Episode 378: Joshua Davies on Attacking and Securing PKI

Joshua Davies discusses TLS, vulnerabilities in the PKI, and the evolution of the PKI to make it more secure, with host Robert Blumen.




uri

Episode 383: Neil Madden On Securing Your API

Neil Madden, author of the API Security in Action book, discusses the key requirements for securing an API, the risks to consider, the models to follow, and which task matters most.




uri

SE-Radio Episode 390: Sam Procter on Security in Software Design

Sam Procter of the SEI discusses architecture design languages, specifically the Architecture Analysis and Design Language (AADL), and how we can leverage the formal modeling process to improve the security of our application design and improve applications overall.




uri

Episode 395: Katharine Jarmul on Security and Privacy in Machine Learning

Katharine Jarmul of DropoutLabs discusses security and privacy concerns as they relate to machine learning. Host Justin Beyer spoke with Jarmul about attack types and privacy-preserving ML techniques.




uri

Episode 404: Bert Hubert on DNS Security

Bert Hubert, author of the open source PowerDNS nameserver, discusses DNS security and all aspects of the Domain Name System, including its flaws and history.




uri

Episode 427: Sven Schleier and Jeroen Willemsen on Mobile Application Security

Sven Schleier and Jeroen Willemsen from the OWASP Mobile Application Security Verification Standard and Testing Guide project discuss mobile application security and how the verification standard and testing guide can be used to improve your app’s...




uri

Episode 453: Aaron Rinehart on Security Chaos Engineering

Aaron Rinehart, CTO of Verica and author, discusses security chaos engineering (SCE) and how it can be used to enhance the security of modern application architectures.




uri

Episode 467: Kim Carter on Dynamic Application Security Testing

Kim Carter of BinaryMist discusses Dynamic Application Security Testing (DAST) and how the OWASP purpleteam project can improve early defect detection. Host Justin spoke with Carter about how DAST can provide meaningful feedback loops to developers...




uri

Episode 523: Jessi Ashdown and Uri Gilad on Data Governance

Jessi Ashdown and Uri Gilad, authors of the book "Data Governance: The Definitive Guide," discuss what data governance entails, why it's important, and how it can be implemented. Host Akshay Manchale speaks with them about why data governance...




uri

Episode 541: Jordan Harband and Donald Fischer on Securing the Supply Chain

Open source developers Jordan Harband and Donald Fischer join host Robert Blumen for a conversation about securing the software supply chain, especially open source. They start by reviewing supply chain security concepts, particularly as related to open..




uri

SE Radio 568: Simon Bennetts on OWASP Dynamic Application Security Testing Tool ZAP

Simon Bennetts, a distinguished engineer at Jit, discusses one of the flagship projects of OWASP: the Zed Attack Proxy (ZAP) open source security testing tool. As ZAP's primary maintainer, Simon traces the tool's origins and shares some anecdotes with SE Radio host Priyanka Raghavan on why there was a need for it. They take a deep dive into ZAP's features and its ability to integrate with CI/CD, as well as shift security left. Bennetts also considers what it takes to build a successful open source project before spending time on ZAP's scripting support, which provides richer results. Finally, the conversation ends with some questions on ZAP's future in this AI-powered world of bots.




uri

SE Radio 575: Nir Valtman on Pipelineless Security

Nir Valtman, co-founder and CEO at Arnica, discusses pipelineless security with SE Radio host Priyanka Raghavan. They start by defining pipelines and then consider how to add security. Nir lays out the key challenges in getting good code coverage with the pipeline-based approach, and then describes how to implement a pipelineless approach and the advantages it offers. Priyanka quizzes him on the concept of "zero new hardcoded secrets," as well as some ways to protect GitHub repositories, and Nir shares examples of how a pipelineless approach could help in these scenarios. They then discuss false positives and handling developer fatigue in dealing with alerts. The show ends with some discussion around the product that Arnica offers and how it implements the pipelineless methodology.




uri

SE Radio 584: Charles Weir on Ruthless Security for Busy Developers

Charles Weir—developer, security researcher, and Research Fellow at Security Lancaster—joins host Giovanni Asproni to discuss an approach that development teams can use to create secure systems without wasting effort on unnecessary security work. The episode starts with a broad description of the approach, which is based on Weir's research and on a free Developer Security Essentials workshop he created. Charles presents some examples from real-world projects, his view on AI's impact on security, and information about the workshop and where to find the materials. During the conversation, they consider several related topics including the concept of "good enough" security; security as a product decision; risk assessment, classification, and prioritization; and how to approach security in startups, greenfield, and legacy systems.




uri

SE Radio 613: Shahar Binyamin on GraphQL Security

Shahar Binyamin, CEO and co-founder of Inigo, joins host Priyanka Raghavan to discuss GraphQL security. They begin with a look at the state of adoption of GraphQL and why it's so popular. From there, they consider why GraphQL security is important as they take a deep dive into a range of known security issues that have been exploited in GraphQL, including authentication, authorization, and denial of service attacks with references from the OWASP Top 10 API Security Risks. They discuss some mitigation strategies and methodologies for solving GraphQL security problems, and the show ends with discussion of Inigo and Shahar's top three recommendations for building safe GraphQL applications. Brought to you by IEEE Software and IEEE Computer Society.




uri

SE Radio 640: Jonathan Horvath on Physical Security

Jonathan Horvath of Z-bit discusses physical access control systems (PACS) with host Jeremy Jung. They start with an overview of PACS components and discuss the proprietary nature of the industry, the slow pace of migration to open standards, and why Windows is commonly used. Jonathan describes the security implications of moving from isolated networks to the cloud, as well as credential vulnerabilities, encryption using symmetric keys versus asymmetric keys, and the risks related to cloning credentials. They also consider several standards, including moving from Wiegand to the Open Supervised Device Protocol (OSDP), as well as the Public Key Open Credential (PKOC) standard, and the open source OSDP implementation that Jonathan authored.

Brought to you by IEEE Computer Society and IEEE Software magazine.







uri

15 Wish List Gifts for the Seasoned Foodie | OUR NOURISHING ROOTS

there are a few good ideas in here