Microsoft plans to boot security vendors out of the Windows kernel

Microsoft has announced the Windows Resiliency Initiative, aimed at avoiding a repeat of the prolonged worldwide IT outage caused by a buggy CrowdStrike update that took down millions of Windows machines and rendered them remotely unfixable. As part of…

Essential metrics for effective security program assessment

In this Help Net Security interview, Alex Spivakovsky, VP of Research & Cybersecurity at Pentera, discusses essential metrics for evaluating the success of security programs. Spivakovsky explains how automation and proactive testing can reveal vul…

Learning from CrowdStrike’s quality assurance failures

CrowdStrike has released a preliminary Post Incident Review (PIR) of how the flawed Falcon Sensor update made its way to millions of Windows systems and pushed them into a “Blue Screen of Death” loop. The PIR is a bit confusing to read and parse, becau…

How companies increase risk exposure with rushed LLM deployments

In this Help Net Security interview, Jake King, Head of Threat & Security Intelligence at Elastic, discusses companies’ exposure to new security risks and vulnerabilities as they rush to deploy LLMs. King explains how LLMs pose significant r…

Finding software flaws early in the development process provides ROI

Enterprises spend enormous effort fixing software vulnerabilities that make their way into their publicly facing applications. The Consortium for Information and Software Quality estimates that the cost of poor software quality in the United States rea…

Debunking compliance myths in the digital era

Despite recent economic fluctuations, the software-as-a-service (SaaS) market isn’t letting up. The industry is set to grow annually by over 18% and be valued at $908.21 billion by 2030. It’s evident the industry is fueled by an increasing reliance on …

10 tips for creating your security hackathon playbook

For more than 12 years, I’ve been organizing and running hackathons with the goal of finding security vulnerabilities and fixing them before a product hits the market. These events can play a pivotal role in the product development lifecycle, increasin…

Introducing the book: Irreducibly Complex Systems

In this Help Net Security video interview, David Hunt, CTO at Prelude, discusses his book – Irreducibly Complex Systems: An Introduction to Continuous Security Testing. Continuous security testing (CST) is a new strategy for validating cyber defe…

Google delivers secure open source software packages

Google has announced the Google Cloud Assured Open Source Software (Assured OSS) service, which aims to be a trusted source of secure open source packages, and the deps.dev API, which provides access to security metadata for 50+ million open source pac…

CI Fuzz CLI: Open-source tool simplifies fuzz testing for C++

Fuzz testing helps developers protect their applications against memory corruptions, crashes that cause downtime, and other security issues, including DoS and uncaught exceptions. Code Intelligence has open-sourced a new security tool, CI Fuzz CLI, whi…