The Internet of Things (IoT) is already a reality - but is anyone giving proper thought to security? In this interview, Cesare Garlati of the prpl Foundation explains how challenging it can be to add security to embedded devices. And he argues that virtualisation technologies, using a thin hypervisor layer, can provide the secure boot and root of trust needed to ensure that only genuine code gets run.

When you buy a security product or service, why doesn't it come with a money-back guarantee should you get hacked? Jeremiah Grossman, founder of WhiteHat Security, thinks that it should. He believes that the risks and vulnerabilities in certain areas of IT security are so well understood, and can be tested to such a reasonable degree, that it makes sense for security firms to offer guarantees.

Web application frameworks are now mature and sophisticated. But are too many developers depending on them too much to provide security for web applications? Sasha Zivojinovic of Context Information Security believes that developers don't always understand how user-provided data is going to be used within the application, and this can make them highly vulnerable.

Organisations usually view distributed denial of service (DDoS) attacks as an availability problem, often linked to extortion. But as Dave Larson of Corero Network Security explains in this interview, they are increasingly being used as part of multi-vector attacks designed to steal your data. And they are becoming easier to mount, putting them within reach of all kinds of malicious actors, from nation states down to individuals.

The Internet of Things is finally here and one manifestation is the 'smart' building. But as physical and data security converge, and more and more systems acquire web interfaces, are we simply opening up ever more systems to attack? In this interview, Colin Tankard of Digital Pathways explains how building systems lack common protocols and have often been developed with no consideration for security issues.