
NEWS & INDUSTRY UPDATES

Chipmakers Intel and AMD release patches for multiple vulnerabilities across their product lines, including a series of high-severity issues in software drivers.
AT&T Alien Labs researchers flag a new Golang-based malware threat that could potentially infect millions of routers and Internet of Things (IoT) devices.
Zoom ships multiple security bulletins calling special attention to a pair of "high-risk" bugs affecting its on-prem Meeting Connector software and the popular Keybase client.
Google and Adobe release open source tools for continuous fuzzing and for detecting living-off-the-land attacks.
U.S. Vice President Kamala Harris on Wednesday announced support for the Paris Call for Trust and Security in Cyberspace.
Palo Alto Networks is calling urgent attention to a critical-severity vulnerability in its GlobalProtect portal and gateway interfaces.
An authenticated attacker could exploit the flaw to trigger a restart of the WordPress installation process and create an administrator account.
Researchers warn that the malware has extensive spyware capabilities, including data theft, GPS monitoring, and audio and video recording.
Adobe patches a security flaw in the RoboHelp Server product, warning that corporate environments are exposed to arbitrary code execution attacks.
The U.S. Treasury Department imposes sanctions on the Chatex cryptocurrency exchange and offers multi-million-dollar rewards for information on the REvil ransomware gang.

FEATURES, INSIGHTS // Application Security


Travis Greene
Shadow IT 2.0 is a symptom of a bigger problem: the inability to maintain digital competitive advantage due to an insufficient pace of code deployment.
Jim Ivers
Savvy organizations have learned how to use a mix of static and dynamic application security testing types to increase their coverage and lower their risk.
Dan Cornell
When security teams can assess brand, financial, and strategic risks, they are best able to act as a trusted advisor to DevOps teams as they build and maintain secure systems.
Travis Greene
2017 is the year for information security teams to align with the work being done in DevOps, whether you call it DevSecOps or not.
Lance Cottrell
The OODA loop is a well-established concept, often used in security, that originated in the military. OODA stands for Observe, Orient, Decide, Act.
Jim Ivers
Hackers are human. Hopefully that doesn't surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance.
Jim Ivers
Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.
David Holmes
Considering that you can find vendors, startups, and specialists in any of these 28 application security technologies, is it realistic to expect any one person to be a subject matter expert in all of them?
Jim Ivers
Experienced organizations learn that security is not a drag on performance, but can provide productivity gains by eliminating security vulnerabilities early in the development process.
Jim Ivers
Built in or bolted on? When have you ever seen "bolted on" as the first choice of anyone in just about any imaginable scenario? Yet for software security, "bolted on" is certainly the norm.