cybersecurity

DevSecOps is a software development approach that aims to integrate security practices into DevOps processes. Implementing DevSecOps efficiently requires organizations to make security an integral part of software quality by using automated security tools in their CI/CD pipeline. Crucially, the DevSecOps approach to software development offers a way to embed application security into the entire

Imagine you have to check for danger on the other side of an impassable mountain you cannot walk around. What would you do? A low-tech solution would be to tunnel through and have a look. Swing by swing with a pickaxe to break the stone, and then shovel by shovel to haul the broken rock

The NIST cybersecurity framework has been a go-to resource for defining cybersecurity strategies, policies, and activities ever since version 1.0 was published back in 2014. Originally intended specifically for US companies operating critical infrastructure, it soon gained popularity across all industries and is used by CISOs worldwide. February 2024 saw the launch of version 2.0

Important Information   The xz-utils package in versions 5.6.0 and 5.6.1 contains a malicious backdoor that could potentially allow remote access to SSH sessions for remote code execution (RCE) on certain Linux systems under specific circumstances and configurations. It is recommended that all Linux users verify their xz-utils version is earlier than 5.6.0 and downgrade

Focused on detection and response, security leaders might not think of DAST tools as an essential component of their AppSec toolbox. All too often, external vulnerability scanning is only performed during periodic third-party tests, giving you snapshots of your security posture that can be months out of date. What if you could run your own

Some days, it feels like every application and system out there is getting new functionality based on large language models (LLMs). As chatbots and other AI assistants get more and more access to data and software, it’s vital to understand the security risks involved—and prompt injections are considered the number one LLM threat. In his

As the saying goes, it’s tough to make predictions, especially about the future. And yet everyone tries—whether for planning or in the naive hope of not getting caught off-guard this time. While we do have our own modest tradition of end-of-year prediction posts on this blog, we look to the experts to help us make

In early December 2023, the U.S. Department of Health and Human Services published a concept paper outlining imperative new guidelines for healthcare organizations tackling cybersecurity. The publication comes on the tailwind of the Biden-Harris administration’s National Cybersecurity Strategy, building off of that momentum with a renewed focus on one of the nation’s most high-risk sectors.

It’s tempting to speak about security in binary terms: fixed or not fixed, patched or unpatched, secure or insecure. Reality, though, is more about shades of gray and probabilities than absolutes. It’s also about limited resources and endless prioritization—always with the awareness that the stakes are high and any security gaps you fail to address