Instead of disrupting development with gates, organizations can implement a security champions program to build security guardrails into development. Here are five considerations for implementing an effective security champions program.
Software as a service (SaaS) has taken over, and the average enterprise now uses hundreds of unique SaaS applications to accelerate their digital transformation and business velocity. However, while SaaS has fulfilled its growth-enabling potential, most organizations have lost their grip on its consumption and use. IT and security teams can no longer depend on network or endpoint controls to govern application access.
Tim Danks, Huawei VP of Risk Management, discusses his thoughts on cybersecurity and the great need for global collaboration to build cyber risk management standards across the world.
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list.
To help software vendors and customers defend against these attacks, CISA and the National Institute for Standards and Technology (NIST) have released Defending Against Software Supply Chain Attacks. This new interagency resource provides an overview of software supply chain risks and recommendations. The publication also provides guidance on using NIST’s Cyber Supply Chain Risk Management (C-SCRM) framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate risks.
Researchers at Rapid7 evaluated five areas of cybersecurity that are both critical to secure to continue doing business on and across the internet, and are squarely in the power of CISOs, their IT security staffs, and their internal business partners to address, in their new round of Internet Cyber-Exposure Reports (ICERs). These five facets of internet-facing cyber-exposure and risk include:
SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned. SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management.
The Synopsys Cybersecurity Research Center (CyRC) analyzed more than 3,000 popular Android applications to assess the state of mobile app security during the COVID-19 pandemic. The study targeted the most downloaded and highest grossing apps across 18 categories, many of which have seen explosive growth during the pandemic.
In the current environment, it is wise to incorporate security into your software development lifecycle as early as possible. Historically, security checks were a pre-release gateway for a software team: if you passed, your product/service could go to production. At the same time, security checks used to require a code and environment freeze, while audit preparations led to chaos and a non-systematic approach in collecting important security documentation. All these elements led to a bottleneck for the project team. However, a long wait for security testing results is no longer an option since the typical project pace has significantly increased. Various project models suggest their own approaches for introducing security into software development.
One of the most important realities for enterprises to accept is that software security can only happen if developers have both the tools and the training to code securely. Here, we speak to Chris Wysopal, Chief Technology Officer and co-founder at Veracode about trends in software security and what organizations can do to make developers better at secure coding.
