Collaborate Disseminate
One of the main contributors to the weak security posture of development environments is the complexity and knowledge gap created by the number of tools and services involved in this process. With more than a hundred CI/CD tools to choose from and hun… Continue reading Proliferation of DevOps Tools Introduces Risk
President Biden served up an Executive Order, prompted by fallout from the SolarWinds attack, that has drawn praise for the administration’s obvious commitment to cybersecurity and a willingness to put the weight of the federal government’s purchasing… Continue reading Biden EO Has Teeth, But May Prove Difficult to Implement
In an era when many organizations are focused on building zero-trust access control architectures, many are paradoxically extending considerable trust to the third parties they enable to access their systems remotely. And that trust is placing them at… Continue reading Enterprises Misplace Trust in Partners, Suppliers
As you may have heard, a massive breach of Microsoft Exchange servers was revealed in the last several weeks. The attack is not over yet. We can always wait for another attack and blame another vendor, but when it comes to Microsoft, well, who can we … Continue reading Time to Rethink Your Security Strategy
Recent attacks have caused the security industry to direct significant attention to supply chain security. As organizations look to address those challenges, it’s critical to start with what is arguably the most integral piece of the supply chain: the… Continue reading Don’t Let the Fox Watch the Henhouse: Securing Firmware
Following the end of 2020 software supply chain attacks on SolarWinds that impacted multiple government agencies and private sector companies, President Biden issued a 2021 executive order asking for a comprehensive review of all government suppl… Continue reading White House Releases Executive Order on America’s Software Supply Chains
The recent SolarWinds data breach was so pervasive it sent shivers through the industry. Who exactly was affected? How deep were the incursions? What are the long-term implications? How will this impact critical areas of the global supply chain? The u… Continue reading Mitigating Third-Party Supply Chain Breaches
The recent SolarWinds data breach was so pervasive it sent shivers through the industry. Who exactly was affected? How deep were the incursions? What are the long-term implications? How will this impact critical areas of the global supply chain? The u… Continue reading Mitigating Third-Party Supply Chain Breaches
In July 2017, one of the biggest data breaches was due to an insecure and out of date web application platform. This breach would have been prevented if the Apache Struts platform the web application ran on had the most recent updates applied. Thi… Continue reading Securing the Software Supply Chain Goes Beyond Application Development
A report published by Akamai at the close of 2019 advises cybersecurity teams to expect to see many more weaponized cyber attacks in the New Year. Larry Cashdollar, an Akamai security researcher, said going into 2020 an overlap between criminal develo… Continue reading Akamai: Cyber Attacks Now Being Weaponized