In the News
Featured
06/13/2024
Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives
Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”
04/24/2023
App Protection Platform Provider Contrast Security Launches MSSP Program; Contrast Builds Leadership Team
Working with Contrast solutions provides MSSPs.
04/21/2023
Security-by-Design Guidelines From International Coalition Pressure Manufacturers to Bake Defenses Into Products
New security-by-design and security-by-default guidelines from a collection of federal agencies.
04/21/2023
The 3CX compromise: a complex supply-chain attack.
The incident that affected 3CX was a complex supply-chain attack executed by a threat actor connected to a nation-state.
04/20/2023
RSA 2023 Preview: Modern Bank Heists Are All About the Hostages
In the second installment of our three-part series leading up to RSA Conference 2023.
04/20/2023
Contrast Security Unveils MSSP Program for Code Security
The new MSSP program is under the company's Security Innovation Alliance.
04/20/2023
3CX breach linked to software supply chain attack on third party
A successful breach of videoconferencing and business phone company 3CX Ltd.
04/17/2023
The Security and Productivity Implications of Low Code/No Code Development
The low code/no code movement provides simplified app generation – but it needs to be understood to be safe.
04/13/2023
OSC&R embraces GitHub: Will it move the needle on supply chain security?
Here's what the Open Software Supply Chain Attack Reference (OSC&R) framework move means in the short run — and long term.
04/13/2023
Pentagon super-leak suspect cuffed: 21-year-old Air National Guardsman
When bragging about your job on Discord gets just a little out of hand?
04/11/2023
Why 'shift left' is now a dirty term in some security circles
Here's why some security practitioners question the term — and what they think app sec teams should focus on instead.
04/07/2023
A. Today’s MSSP, MSP, MDR, XDR and Cybersecurity Market News
Each business day, MSSP Alert delivers a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.
04/07/2023
US, NATO military plans leak: Actual war strategy or pro-Kremlin shenanigans?
'Russia is the king of disinformation and hybrid warfare' expert tells El Reg.