Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Live From RSAC: Disinformation: As Dangerous as Cyber and Physical Threats

In today’s digital world, we practically live on our phones or computers. Chances are, you don’t go more than 15 minutes without checking your email or social media. And you probably get most of your news from the Internet. But how do you know what information is real? Two different news sites might be giving a different opinion of the same story. Take the presidential election, for example. There was a frenzy of fake news trying to sway voters in one direction or the other.

Live From RSAC: Is Digital Transformation Making AppSec Headless?

Chris Wysopal, Veracode Co-Founder and CTO, recently sat down with Tom Field, ISMG Senior Vice President of Editorial, for an executive interview at the RSA Conference 2021 to discuss if digital transformations are making application security (AppSec) “headless.”

Live From RSAC: AppSec's Future and the Rise of the Chief Product Security Officer

Chris Wysopal, Co-Founder and CTO at Veracode, and Joshua Corman, Chief Strategist of Healthcare and COVID at CISA, presented at the 2021 RSA Conference on AppSec’s future and the need for a new Chief Product Security Officer (CPSO) role. Wysopal started by quoting entrepreneur Marc Andreessen saying, “Software is eating the world,” to express just how much we rely on technology. From our iPhones and laptops to our cars and even our refrigerators … software is everywhere.

A Closer Look at the Software Supply Chain Requirements in the Cybersecurity Executive Order

Software security is a big focus of the Biden administration’s recent executive order on cybersecurity. In fact, an entire section, or 25 percent, of the order is dedicated to software security requirements. In the wake of the SolarWinds cyberattack, the security of the software supply chain is clearly top of mind at the White House, and has prompted these unprecedented and detailed security requirements for any software vendor looking to do business with the federal government.

Meeting the Security Needs of Modern Developers

Technological innovation doesn’t slow down when it comes to software, but neither do cyberattacks. The rapid pace of modern programming brings the need for agility and security that can scale and improve to meet business needs. Organizations that want to keep up with innovation while staying secure need more than just capable tools in their tech stacks; having the right people in the right seats to champion your security efforts throughout the development process is also key.

2021 Verizon Data Breach Investigations Report Proves That Cybercrime Continued to Thrive During the Pandemic

Verizon recently published its 2021 Data Breach Investigations Report (DBIR). This year, Verizon analyzed 79,635 incidents, of which 29,207 met their quality standards and 5,258 were confirmed data breaches, from 88 countries around the world. Despite the global pandemic, the DBIR uncovered that cybercrime continued to thrive. Like previous years, the majority of breaches were financially motivated, and most were caused by external actors illegally accessing data.

New Cybersecurity Executive Order: What You Need to Know

Last night, the Biden administration released an executive order on cybersecurity that includes new security requirements for software vendors selling software to the U.S. government. These requirements include security testing in the development process and a bill of materials for the open source libraries in use, so known vulnerabilities are disclosed and able to be tracked in the future. Without following these standards, companies will not be able to sell software to the federal government.

Recent Pipeline Attack Highlights Our Vulnerable Infrastructure

On Thursday, May 6, Colonial Pipeline, which operates a pipeline that delivers gasoline and jet fuel to nearly 45 percent of the U.S. East Coast, fell victim to a ransomware attack. The attack took over 100 gigabytes of data hostage, causing the company to halt all pipeline operations and shut down several of its systems. The attackers, identified as a criminal gang known as DarkSide, threatened to leak proprietary information unless a ransom is paid.

Executive Order on Cybersecurity Is Imminent: It's Been a Long Time Coming

Following President Biden’s address to Congress last night in which he referenced cybersecurity as a priority twice, news is circulating today that the executive order on cybersecurity is imminent. This news comes as a much awaited and long overdue step towards creating standardization and structure around cybersecurity.

Developer Training Checklist: 5 Best Practices

The role of the developer has evolved over the past several years. Developers are not only responsible for writing code and releasing new software rapidly but also for securing code. By implementing security in the software development lifecycle, you can reduce risk and cost without slowing down time to production. But the developer role is already stretched so thin and many developers don’t have a background in security.