Supply Chain Security 101: An Expert’s View

Earlier this month I spoke at a cybersecurity conference in Albany, N.Y. alongside Tony Sager, senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. We talked at length about many issues, including supply chain security, and I asked Sager whether he’d heard anything about rumors that Supermicro — a high tech firm in San Jose, Calif. — had allegedly inserted hardware backdoors in technology sold to a number of American companies.

Looking to fit it all together, banks adopt standards for cyber automation and integration

To understand the Integrated Adaptive Cyber Defense system that U.S. banks and other financial institutions agreed to adopt this week, you have to think about plumbing. “When you go to the hardware store to buy plumbing supplies, you don’t have to wonder ‘Will this fit with the plumbing I already have in my home?’ because there are universal standards,” said Tony Sager, senior vice president and chief evangelist for the Center for Internet Security. The idea of the Integrated Adaptive Cyber Defense (IACD) system is to bring that approach to cybersecurity, explained Sager, who was a senior executive at the National Security Agency for many years. Government entities like the Pentagon and industries like banking “spend millions on these tools … and then they can’t work together,” he said, because of completely different architectures or proprietary interfaces. Many of the latest tools come equipped with an application programming interface (API) — essentially a software […]

The post Looking to fit it all together, banks adopt standards for cyber automation and integration appeared first on Cyberscoop.


OWASP postpones publication of Top 10 app vulnerabilities draft

The Open Web Application Security Project (OWASP) has postponed publication of its canonical Top 10 list of web application vulnerabilities this week, saying it needs more time to review the unprecedented amounts of data it’s received. “We have data on 114,000 apps at the moment, but we got a lot of late submissions. That could rise to 120,000 or 130,000,” lead author Andrew van der Stock told CyberScoop. He said the team of volunteers preparing the new draft met over the weekend and agreed to push the scheduled Oct. 9 publication to Oct. 20. “We needed more time to analyze all this new data,” he said. “We still want to give people a month to comment” on the draft after it’s released, van der Stock said, but added the authors were determined to publish the final version before Thanksgiving. “We don’t want it to get lost in the holidays,” he concluded. OWASP is a […]

The post OWASP postpones publication of Top 10 app vulnerabilities draft appeared first on Cyberscoop.
