Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Celebrated cryptographer Moxie Marlinspike is stepping down as chief executive at Signal, the encrypted messaging app he created more than a decade ago. [Read More]
The non-profit group says companies that ship open-source code should do much more to help with security audits and fixes. [Read More]
The U.K.’s National Health Service warns that an unknown threat actor is successfully hitting vulnerable VMWare Horizon servers with Log4j exploits. [Read More]
Researchers document a credential -stealing banking malware campaign exploiting Microsoft's digital signature verification. [Read More]
VMware ships patches for heap-overflow vulnerability that could lead to code execution attacks. [Read More]
Recorded Future snaps up SecurityTrails for a direct entry into the booming attack surface management business. [Read More]
The Goldman Sachs-owned startup formerly known as White Ops is planning on global expansion and new industry categories. [Read More]
Google expands push into the lucrative cybersecurity business with a new deal to acquire late-state SOAR startup Siemplify. [Read More]
Hospitality chain McMenamins confirms employee information dating back to January 1998 was compromised in a recent ransomware attack. [Read More]
CrowdStrike is using Intel CPU telemetry to beef up detection of sophisticated exploits and to backport memory safety protections to oder PCs. [Read More]

FEATURES, INSIGHTS // Application Security

rss icon

Gunter Ollmann's picture
CISOs are increasingly partnering with DevOps leaders and vigilantly modernizing secure development lifecycle (SDLC) processes to embrace new machine learning (ML) approaches.
Gunter Ollmann's picture
The philosophy of integrating security practices within DevOps is obviously sensible, but by attaching a different label perhaps we are likely admitting that this “fusion” is more of an emulsification.
Preston Hogue's picture
The ability to look deeply into user and system behavior and identify the smallest anomaly will become the essential toolkit to stem the tide of fraud and theft in financial services.
Preston Hogue's picture
Retailers should ensure that they are proactively scanning for vulnerabilities in the website, as well as deploying a solution to monitor traffic.
Preston Hogue's picture
Every piece of hardware, every integration, every API, every process, as well as applications themselves, are potential targets.
Preston Hogue's picture
Applications have been deconstructed to the point where we need to think about them with a new level of abstraction to understand how security needs to evolve.
Preston Hogue's picture
The best way for the security industry to meet the challenge of modern applications and modern app development is to adopt a modern way of supporting those from a security perspective.
Preston Hogue's picture
ChatOps offers a bridge to a fully realized vision for DevSecOps, offering a much quicker path to resolution for both security and non-security issues.
Preston Hogue's picture
If done right and integrated throughout the process, security ends up being not a source of friction, but a function that protects the business, at the speed of business.
Ashley Arbuckle's picture
With a holistic approach you can enable efficient segmentation across your infrastructure, identify anomalies faster by using process behavior deviations, and reduce your attack surface quickly.