Race Conditions Can Exist in Go

Overview: The Go Programming Language (also known as Golang) is an open source programming language created by Google. Go is compiled and is statically typed as in C (with garbage collection). It has limited structural typing, memory safety features, an…
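As an added illustration of the claim in the title (this is not code from the article above; the Account type, the Hammer helper and the balance amounts are constructed for this example), the block below puts a check-then-act race on an account balance next to a version that holds a mutex across the check and the debit. Goroutines make the race easy to hit: two withdrawals can both read a sufficient balance before either subtracts, so more money leaves than was there. Running the block with `go run -race` reports the unsynchronized access in WithdrawRacy.

```go
package main

import (
	"fmt"
	"sync"
)

// Account is a toy balance holder, constructed for this example.
type Account struct {
	mu      sync.Mutex
	balance int
}

// WithdrawRacy is the buggy version: the balance check and the debit are
// two separate steps with no lock, so concurrent callers can all pass the
// check before any of them debits (a time-of-check/time-of-use race).
func (a *Account) WithdrawRacy(amount int) bool {
	if a.balance >= amount {
		a.balance -= amount
		return true
	}
	return false
}

// WithdrawSafe holds the mutex across the check and the debit, so the pair
// is atomic with respect to every other withdrawal on the same account.
func (a *Account) WithdrawSafe(amount int) bool {
	a.mu.Lock()
	defer a.mu.Unlock()
	if a.balance >= amount {
		a.balance -= amount
		return true
	}
	return false
}

// Balance reads the balance under the lock.
func (a *Account) Balance() int {
	a.mu.Lock()
	defer a.mu.Unlock()
	return a.balance
}

// Hammer runs n concurrent withdrawals of amount through withdraw and
// returns how many succeeded and the final balance. The success counter
// is itself guarded so the harness adds no race of its own.
func Hammer(a *Account, n, amount int, withdraw func(int) bool) (succeeded, final int) {
	var wg sync.WaitGroup
	var okMu sync.Mutex
	ok := 0
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			if withdraw(amount) {
				okMu.Lock()
				ok++
				okMu.Unlock()
			}
		}()
	}
	wg.Wait()
	return ok, a.Balance()
}

func main() {
	// With a balance of 100 and 1000 attempts to withdraw 100, exactly one
	// withdrawal should succeed. The racy version usually lets several
	// through and drives the balance negative; the safe version never does.
	racy := &Account{balance: 100}
	s, f := Hammer(racy, 1000, 100, racy.WithdrawRacy)
	fmt.Printf("racy: %d withdrawals succeeded, final balance %d\n", s, f)

	safe := &Account{balance: 100}
	s, f = Hammer(safe, 1000, 100, safe.WithdrawSafe)
	fmt.Printf("safe: %d withdrawals succeeded, final balance %d\n", s, f)
}
```

The racy result is not deterministic, which is exactly why this class of bug survives code review and unit tests: assert on the invariant (successes times amount never exceeds the starting balance) under the race detector rather than on a single observed run.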

How to Find Additional Hidden Vulnerabilities During DAST Testing

Current DAST testing tools often miss vulnerabilities that make it to production. Learn how you can find additional hidden vulnerabilities during DAST testing of your web applications.

DevOps Vs DevSecOps – What is the difference?

DevOps and DevSecOps may have you wondering what the difference is. DevSecOps means building security practices into the SDLC (Software Development Life Cycle) from the start, within an Agile framework, rather than bolting them on before release.

Enhancing Vulnerability Detection As Part of DevSecOps

The number of vulnerabilities found in code continues to increase at an unprecedented rate. In 2019, 17,306 vulnerabilities were recorded in the US-CERT vulnerability database. In addition, we’re on track this year to beat last year’s number…

Developers Claim Security Has a Negative Impact on Their Productivity

A new survey of developers has found that there isn’t a single application security (appsec) tool that at least 80% of developers said is inhibiting their productivity.

Correlating and Remediating Security Risks at Scale is Vital to DevOps

The recent industry shift towards DevOps makes it clear that organizations are adopting this development and operational model to facilitate the practice of automating software delivery and deployment. As a result, organizations are acknowledging that …

How to demonstrate trust in cybersecurity practices with organization leaders

Chief information security officers working at high-profile enterprises know their jobs are as much about guarding their organization’s brand reputation and trust as they are about IT security. But to ensure that trust, CISOs need to know whether their security investments are actually working, and that calls for having metrics that matter to senior management, according to a new report. “It’s all about measurement,” says Home Depot CISO Stephen Ward, in remarks quoted in “The 2019 Trust Report,” released by Synack. “CISOs need a way to present security to their executive team and board in a way that clearly demonstrates and measures business risk to the organization. The executive team doesn’t want to talk about security — they want to talk about risk.” The report provides CISOs with a framework for using data from their security programs to gain a clearer sense of their organization’s ability to withstand damaging cyberattacks […]

The post How to demonstrate trust in cybersecurity practices with organization leaders appeared first on CyberScoop.


New DHS order pushes agencies to quickly patch vulnerabilities

The Department of Homeland Security has ordered federal civilian agencies to more swiftly plug the vulnerabilities found on their networks, citing evidence that hackers are getting quicker at exploiting such bugs. In a Binding Operational Directive (BOD) dated April 29, DHS’s Cybersecurity and Infrastructure Security Agency gives agencies 15 days after discovery to fix vulnerabilities deemed critical – as opposed to the 30 days that agencies previously had to address those flaws. “Recent reports from government and industry partners indicate that the average time between discovery and exploitation of a vulnerability is decreasing as today’s adversaries are more skilled, persistent, and able to exploit known vulnerabilities,” reads the memo from CISA Director Chris Krebs. The new directive also gives agencies 30 days to fix vulnerabilities labeled “high” in severity, which are a step below critical. That is another change from a 2015 order, now revoked, which did not provide a […]

The post New DHS order pushes agencies to quickly patch vulnerabilities appeared first on CyberScoop.


Fintech giant Fiserv sued by Pa. credit union for ‘baffling security lapses’

A Pennsylvania credit union has sued fintech giant Fiserv for allegedly failing to address persistent vulnerabilities in the platform that powers its banking websites and online applications. In a lawsuit filed Friday, Bessemer System Federal Credit Union said that the web platform maintained by Fiserv is “plagued with security vulnerabilities that affect the privacy of thousands of Bessemer’s members.” Those vulnerabilities were “based on baffling and amateurish security lapses,” the document alleges. The complaint describes Wisconsin-based Fiserv’s technology as the “lifeblood of Bessemer” in that it is used to run the website, generate statements and track deposits. But now, the credit union says it’s ditching Fiserv, a Fortune 500 company that says it has some 12,000 clients in over 80 countries. “To protect the credit union’s members, the credit union is replacing its core processing vendor and will be taking appropriate legal action against the vendor,” said Charles Nerko, a […]

The post Fintech giant Fiserv sued by Pa. credit union for ‘baffling security lapses’ appeared first on CyberScoop.


Shutdown erodes feds’ ability to set cyber strategies, say lawmaker and ex-DHS officials

A top House lawmaker, along with former Department of Homeland Security officials, say the partial government shutdown is hampering federal officials’ ability to anticipate and proactively address cyberthreats. “We can kind of address things as they come, but we can’t look forward and do additional mitigation and other kinds of things that we normally do,” Rep. Bennie Thompson, D-Miss., told reporters Thursday at an event on Capitol Hill on the security implications of the shutdown. “So if somebody tells us about something or we identify it, we can go after it,” added Thompson, who is chairman of the Homeland Security Committee. “But we can’t plan for the next month or the next three months because we don’t have the capacity to do it with the shutdown.” Former DHS officials agreed that the partial shutdown, which began Dec. 22 and has 800,000 workers across all agencies furloughed or working without pay, […]

The post Shutdown erodes feds’ ability to set cyber strategies, say lawmaker and ex-DHS officials appeared first on CyberScoop.
