Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A policy, by definition, is a statement of management intent that is mandatory for an organization. A security policy, obviously, focuses on the security of information assets.

When FedEx founder Fred Smith attended Yale in the mid-1960s, he wrote an economics paper describing the concept of overnight delivery of packages by air. His professor infamously gave him a “C” grade because he viewed it as implausible. But Smith knew something his professor didn’t—and it was an idea that would change the way the business world worked forever. I bring this story up for two reasons. For one thing, I worked for FedEx and learned a lot from my time there.

During my first few years as a CISO at Avid Technology, I was able to install a robust cybersecurity program. (Avid is a software provider that equips digital content creators with innovative tools.) With the help of my security team, Avid had become more mature in their control measures. This maturity meant we were better armed to address cyber vulnerabilities. ‍ Unfortunately, on top of my regular duties, I also had to face an even greater challenge.

The Service Location Protocol (SLP), as defined in the RFCs, is vulnerable to abuse allowing attackers to use it as a powerful reflective denial-of-service amplification vector. Earlier this year, Bitsight and Curesec published a joint research regarding this flaw tracked as CVE-2023-29552, which details the issue as well as its global impact and exposure.

The automotive industry stands at the crossroads of innovation and vulnerability. As cars become increasingly connected, with advanced systems and features that rely on intricate software, the rise of automotive hacking has become a pressing concern. The convergence of traditional mechanical engineering and cutting-edge software has given rise to a new breed of threats that extend beyond physical security, delving into the digital realm of vehicle control systems.

It’s well known by now that cyber attacks and successful breaches have exploded in recent years. Accenture’s latest report on the state of cybersecurity notes that companies experience an average of 270 attacks per year. And Gartner warns that nearly half of organizations worldwide will experience an attack on their digital supply chains.

Supply chain management has become a top priority for businesses due to the increasing use of digital technologies and geopolitical uncertainties, making global supply chains more vulnerable than ever to disruptions. This reality highlights two critical aspects of supply chain management: Supply Chain Risk Management (SCRM) and Supply Chain Security Management (SCSM).

The great Yogi Berra is often quoted as having said "in theory, there is no difference between practice and theory. In practice, there is." Perhaps the same can be said about software licensing agreements. There are often two dimensions to any software license agreement: what’s in the agreement and how the commercial relationship is implemented in practice.