The new bill, the DHS Software Supply Chain Risk Management Act of 2021 (H.R. 4611), will secure the supply chains involved in Department of Homeland Security software contracts by requiring a new certification.
Oftentimes, security leaders and organizations need more clarification about the types of cybersecurity assessment services. Let's look at the goal of each service, its scope and the methodology used.
In a new study that surveyed enterprises with 3,000 or more employees, 60% of respondents are concerned pentesting gives them limited coverage or leaves them with too many blind spots.
The Pentagon’s Cyber Crime Center and bug bounty vendor HackerOne have launched the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP), an effort to share vulnerability data and boost digital hygiene within the defense industrial base. According to HackerOne, any information submitted to the DIB-VDP under this program will be used for defensive purposes – to mitigate or remediate vulnerabilities in DoD contractor information systems, networks, or applications.
Meet Ali Golshan, CTO and co-founder at StackRox, a Mountain View, Calif.-based leader in security for containers and Kubernetes. Prior to StackRox, he was the Founder & CTO of Cyphort (acquired by Juniper Networks) and led the company's product strategy and research initiatives. Previously, he worked as a security researcher and engineer at Microsoft and PwC. His career started in government, conducting security and vulnerability research for the intelligence community. Here, we talk to Golshan about the benefits of DevOps.
The Common Vulnerabilities and Exposures (CVE®) Program announced it is granting authority to the Cybersecurity and Infrastructure Security Agency (CISA) for managing the assignment of CVE Identifiers (IDs) for the CVE Program.
The Cybersecurity and Infrastructure Security Agency (CISA) issued a draft binding operational directive, BOD 20-01, which will require federal civilian executive branch agencies to publish a vulnerability disclosure policy (VDP).
In the simplest terms, the “attack surface” is the sum total of resources exposed to exploit within your enterprise. Defending the attack surface was a lot less complicated when a defined corporate “perimeter” existed, neatly separating a company’s assets from the outside world. But, next-gen technologies (e.g., cloud computing and software-defined networking) have dissolved the perimeter, causing the attack surface to grow exponentially.
