Application security remains a wide attack vector for cybercriminals, but cybersecurity leaders can use tools to better detect vulnerabilities in their applications and software supply chains.
Much of the focus around Elon Musk’s Twitter takeover has centered around how he will treat free speech on the platform. But two of his promises may have bigger implications for cybersecurity.
Lesson from Log4J: Security vulnerabilities are not just high-profile events like the recently identified Log4J exploit, but rather an ongoing threat on many fronts that needs constant attention.
The open-source and developer community has adopted Open Policy Agent (OPA) as the de facto standard for authorization.
There are three critical ways OPA can help organizations solve for authorization:
By staying on top of open source trends, scanning frequently and working with security counterparts to get the information needed, developers can fix more third-party library flaws faster to develop more secure applications in the future.
Two Illinois Institute of Technology graduate students have published research examining whether extremists can be identified through their anonymous online posts.
The CERT Coordination Center (CERT/CC) has released information on 33 vulnerabilities, known as AMNESIA:33, affecting multiple embedded open-source Transmission Control Protocol/Internet Protocol (TCP/IP) stacks. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Synopsys, Inc. released the report, DevSecOps Practices and Open Source Management in 2020, exploring the strategies that organizations around the world are using to address open source vulnerability management as well as the growing problem of outdated or abandoned open source components in commercial code.
Open-source intelligence (OSINT) is having a moment. Just a few years ago, presentations on OSINT began with a quote from one of a few different senior intelligence community officials who reportedly said that somewhere between 80% and 90% of valuable information comes from public sources. Many presentations today start similarly, but OSINT no longer needs the validation of government greats. Films like Searching and Don’t f**ck with Cats have introduced the discipline to a wider audience, organizations such as Trace Labs host popular OSINT competitions for the common good, and the investigators associated with the website Bellingcat are now media fixtures.
The Information Security Forum has announced the release of Deploying Open Source Software: Challenges and Rewards, helping security professionals recognize the benefits and perceived challenges of using OSS and set up a program of protective measures to effectively manage OSS.