A key problem in organizations is that security and development are treated as two disparate processes instead of part of the same system. Executives deal with security issues after the fact and don't make it part of the development pipeline, said Nick Durkin, field CTO at Harness.
The fundamentals of protecting against application-based malware attacks are no different from infrastructure-based attacks, and it is all about having threat intelligence, context and the capability to really understand these applications, said Mariano Nunez, co-founder and CEO at Onapsis.
Organizations are faced with the security challenges presented by the combination of custom and open-source code. Sandeep Johri, CEO of Checkmarx, suggests treating all open-source code as an unknown source and conducting security checks using software composition analysis to identify vulnerabilities.
The U.S. national cybersecurity strategy released by the Biden Administration is part of a larger effort to draw attention to the pervasive issue of cybersecurity liability on the part of vendors. The strategy also calls for ramping up the adoption of software bill of materials, or SBOMs.
The recently published U.S. national cybersecurity strategy has sparked a positive conversation, but questions remain about regulation and its implementation, said Grant Schneider of Venable. He said the industry needs more clarity about short-term and midterm regulatory changes.
APIs are delivering huge business value, but people don’t know how many APIs they have in their organization, what they do or who controls them. And that causes massive security vulnerabilities, according to CyberEdBoard panelists Chase Cunningham and Richard Bird.
A startup cybersecurity strategy should be akin to a Russian doll: It should be built to preserve core elements of business. In most cases, this is a product offering, which needs to be secure, said Venkat Ranga, vice president of business information systems and head of IT at Aryaka Networks.
Cybersecurity professionals are stressed out, overworked, underpaid and working on short-staffed teams, said Candy Alexander, president of the ISSA International Board. She advised organizations to look for the right indicators of a good cybersecurity culture.
How do we manage the risk of global supply chain attacks? Will a shift in cybersecurity liability to software providers help improve the problems of software vulnerabilities? Adam Isles, principal of The Chertoff Group, said mandating software bill of materials measures has its own challenges.
Application security and delivery vendor F5 will shrink its workforce by 9% due to customers delaying purchasing decisions amid macroeconomic uncertainty. The Seattle-based firm will lay off 623 of its 7,100 employees as part of a cost-cutting effort that includes reducing F5's facilities footprint.
Akamai Technologies has agreed to purchase a finalist in last year's RSA Conference Innovation Sandbox Contest to get more visibility into the API threat landscape. Silicon Valley-based Neosec will help customers discover all their APIs, assess their risk and respond to vulnerabilities and attacks.
Snyk has executed its third round of layoffs since June 2022, axing 128 workers amid projections of challenging market conditions persisting into early 2024. The Boston-based application security vendor revealed Thursday plans to reduce its more than 1,200-person staff by an estimated 11%.
Microsoft has issued fixes for 114 vulnerabilities, including patching a zero-day flaw being actively exploited by a ransomware group and updating guidance to block a vulnerability from 2013 that was recently exploited for the software supply chain attack on 3CX users, attributed to North Korea.
Days after Google suspended the popular budget e-commerce application Pinduoduo from its Play Store, researchers are alleging that the Chinese app can bypass phones' security and monitor activities of other apps, including accessing private messages and changing settings.
There's much national security ado about how much user data gets collected by the Chinese-owned, wildly popular video-sharing app TikTok. But as France's ban of "recreational apps" from government-issued devices highlights, a bigger-picture approach for combating surveillance is required.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.