Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

How API Security Factors into DORA Compliance

Complying with data protection regulations isn’t easy, but it has traditionally involved dealing with familiar risks. For example, do your IT admins have the right amount of access to systems touching sensitive information? Review, remediate, report, and repeat. Compliance has been cumbersome, but workable. The problem is, today’s attack surface is nowhere near workable. And it’s evolving to include threats that most compliance programs aren’t yet accounting for.

Understanding How Rationality, Deterrence Theory, and Indeterminism Influence Cybercrime

Understanding the factors influencing cybercriminal behavior is essential for developing effective cybercrime prevention strategies. Rationality plays a significant role in shaping criminal decisions, particularly through the lens of the rational actor model and deterrence theory.

360 degrees of application security with Snyk

Application development is a multistage process. The app goes through various stages, each with its own area of focus. However, application security, a.k.a. AppSec, is constant throughout all the stages. For example, when a developer codes, it’s expected that the code will be secure. Similarly, the artifacts that each stage works on or produces as its output are all required to be secure.

Vulnerability Assessments vs. Penetration Testing: Key Differences

In the race for technological innovation, companies often sprint toward product launches but find themselves in a marathon when fixing vulnerabilities. This dichotomy poses a significant challenge, especially with the ever-increasing number of security loopholes. CISA recommends addressing critical issues in less than 15 days, but that may be wishful thinking. IT teams are inundated with a growing volume of security alerts, making it challenging to prioritize and address each one effectively.

Going Backstage with OPA

The huge ecosystem of integrations has over time become a true differentiator for Open Policy Agent (OPA), and an embodiment of the project’s promise to provide policy across the “whole cloud native stack”. Integrating OPA into a new tech stack also tends to be a rewarding experience for developers, which might help explain why so many integrations have been provided by external contributors over the years.

How to write 30% fewer tests with fuzzing

While unit testing is crucial for improving code quality and reducing later testing time, it consumes at least 15% of developers' time. Developers can use automated fuzz tests to free up more time for developing new features. Fuzz tests replace negative test cases, which constitute around 30% of unit tests. In a recent analysis of a Java project using a fuzzing platform, a single fuzz test was equivalent to potentially 309 unit tests, achieving 74% code coverage within just 25 seconds.

The Essential Guide to Why PEP Screening Matters

The fight against money laundering and terrorist financing requires a united front, with financial institutions and large corporations playing a critical role. One key weapon in this arsenal? Politically Exposed Persons (PEP) screening. PEP screening identifies individuals with prominent public positions or close ties to them, who may be exposed to a higher risk of bribery, corruption, and other financial crimes due to their influence.

UK IT Leaders Are Prioritizing Cybersecurity: But Is This a Good Thing?

Tech leaders taking cybersecurity seriously is something of a double-edged sword. While it’s undoubtedly good that organizations are waking up to the genuine threat cyberattacks pose, it’s depressing that they must siphon off so many resources to protect themselves rather than using them for growth and innovation.