Just as consumers can look at a box of Twinkies and read a list of ingredients, so too should software makers provide users with a "bill of materials" explaining their composition, says Allan Friedman, director of cybersecurity initiatives at the U.S. National Telecommunications and Information Administration.
Software development over the past decade: The good news is that more organizations than ever have secure software development practices in place, says Chris Eng, chief research officer at Veracode. But the bad news is that many of the same flaws - including injection vulnerabilities - persist.
Moving from EDR to XDR creates new visibility gaps for organizations, says Sameer Malhotra of TrueFort, who explains a new approach to application threat detection and response.
While the cost of sequencing the human genome continues to decrease, the imperative to secure this most personal of personally identifiable information does not, says Brian Castagna, CISO of Seven Bridges. He shares best practices for all organizations that store sensitive information in the cloud.
Andre Durand has spent decades in the cybersecurity sector and had identity in his sights when he founded Ping Identity in 2002. Nearly 20 years later, the industry is embracing the notion that cybersecurity begins with secure identity.
Australia reportedly took a sensitive military recruiting database offline for 10 days in February following concerns it may have been compromised. The Defense Department says there's no evidence data was stolen.
As organizations face having to demonstrate compliance with a broad range of regulations that have an IT and cybersecurity impact, the imperative is to adopt frameworks such as ISO 27001 and NIST 800-53, says David Ogbolumani, chief cybersecurity and privacy officer at IT Security Consultants.
Behavioral biometrics can play an important role in thwarting ever more sophisticated payment fraud schemes, says Robert Capps of Mastercard, who provides a fraud-fighting update.
Software development benefits from security checks being brought to bear early and often, but the blending of in-house and open source code has historically complicated that process, says Patrick Carey of Synopsys. Now, however, maturing toolsets and approaches are facilitating security checks, he says.
In response to White House warnings that 5G infrastructure equipment built by Huawei could be subverted by China to conduct espionage, Andy Purdy of Huawei Technologies USA says his company has pledged full transparency and urges competitors to follow suit.
As the RSA 2020 conference showcased "The Human Element," Palo Alto Networks' M.K. Palmore turned his attention to the passive insider threat - the one that intends no malicious harm, but whose actions can lead to costly breaches.
So far, there have been 92,000 reported cases of coronavirus globally, with 3,200 deaths. Global markets have been rocked, and major employers are revisiting their plans for staffing, travel and conferences. What do the numbers and trends mean? Pandemic expert Regina Phelps analyzes the latest developments.
Today's security practitioners need to fuse cybersecurity with compliance and privacy. Stacy Scott and Alan Brill of Kroll discuss a defensible security strategy.
Retired General Keith Alexander knows a thing or two about building defenses. As the president of IronNet Cybersecurity, the ex-NSA director is now calling for private sector and government entities to come together in an effort he describes as "collective defense."
Two Chinese nationals have been indicted by the U.S. Justice Department for allegedly laundering $100 million in cryptocurrency stolen by North Korean hackers in 2018.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.