Risky business: 3 timeless approaches to reduce security risk in 2021

Since the COVID-19 pandemic drove workforces home, we’ve seen security risk rise across the board: from more phishing and spear-phishing attacks to greater reliance on third-party DNS-over-HTTPS resolvers and sophisticated nation-state attacks like the one that hit SolarWinds. The gap between what organizations are trying to protect […]

Live From Gartner Security & Risk Mgmt Summit: Running Midsize Enterprise Security

Over the past few months, I’ve experienced an increased interest in DevSecOps from midsize enterprises, so I was especially interested in attending Neil Wynne and Paul Furtado’s session “Outlook for Midsize Enterprise Security and Risk Management 2019” at the Gartner Security & Risk Management Summit in National Harbor, MD this week. 57 Percent of Midsize […]

Live From Gartner Security & Risk Mgmt Summit: Pair Security Trainings With Technical Controls

“We often forget that technology cannot solve the world’s problems.” That was one of the opening lines of Joanna Huisman’s session “Magic Quadrant for Security Awareness Computer-Based Training” at the Gartner Security & Risk Management Summit in National Harbor, MD. While her Magic Quadrant doesn’t address DevSecOps trainings, I took away some valuable lessons that […]

Contain yourself, Docker: Race-condition bug puts host machines at risk… sometimes, ish

Tricky to exploit in the real world, which is good because no official fix is available yet.

A vulnerability in all versions of Docker can be potentially exploited by miscreants to escape containers’ security protections, and read and write data on host machines, possibly leading to code execution.… (The Register – Security)

Unchecked open source components introducing more risk to businesses

At Veracode, we’ve been the first and the loudest in proclaiming that companies need to be vigilant in how they use open source components in their software. Our research shows that open source components are used with increasing regularity in the enterprise. The State of Software Security Volume 9 report, which examined 700,000 scans over […]
