In the News

Tom Kellermann, SVP of Cyber Strategy at Contrast Security, a security and development company helping organizations deploy secure code, spoke to Techopedia about the issue. “The safety of the U.S. water supply is in jeopardy. Rogue nation states are frequently targeting these critical infrastructures, and soon we will experience a life-threatening event.”

For many dev and security teams, a reset on culture and mindset is critical to begin integrating security into every phase of the software development lifecycle as a shared responsibility, as opposed to addressing security after development. In this archived keynote session, Larry Maccherone, DevSecOps transformation architect of Contrast Security, highlights ways to fundamentally transform the process of AppSec and DevOps, to a modern DevSecOps approach. This segment was part of our live webinar titled, “How to Amplify DevOps with DevSecOps.” The event was presented by InformationWeek on May 22, 2024.

"These technologies increase the attack surface of the grid," Tom Kellerman, senior vice president of cyber strategy for the application security software platform Contrast Security, told Information Security Media Group. "Segmentation, two-factor authentication, least privilege and runtime security are imperatives for the safety of the grid."

…
"The expedited process will undermine the cybersecurity preparedness of the grid," Kellerman said. "Given the increase in destructive cyberattacks being launched by rogue nation-states, cybersecurity assessments must be performed prior to projects going live."

Cybercriminals are likely to use First American's infrastructure to "island hop" to other financial services players, said Tom Kellerman, senior vice president of cyberstrategy at Contrast Security. He warned of the threat of home equity fraud, where a criminal could establish a line of credit against someone else's home.  "Inevitably the owner of the home is the one that's penalized by the system for not paying their debt," he said. "And that is increasing. That is my biggest concern regarding this breach."

Jeff Williams, CTO and co-founder of Contrast Security, said it took 30 years of programming to build the foundation of all computing in C/C++. "Replacing the foundation with safer languages will likely take much longer. Our C/C++ foundation has the benefit of 30 years of torture to make it strong. However, perhaps a few new projects will choose safer languages from the get-go. I suppose that's a bit of progress."
…

But let’s not just blame the third-party providers because the attackers leverage the increasing complexity of today’s software supply chains. “This is a problem that will take many years for the software industry to solve. The complexity of a pharmaceutical or manufacturing supply chain pales in comparison with a modern software supply chain. Literally, everything involved in creating software can introduce malware and vulnerabilities,” said Jeff Williams, co-founder and CTO of Contrast Security. He tells CSO, “Every piece of software you use depends on many hundreds of thousands of people, any of whom has a path to introducing malware into your code. That’s not even counting hackers that find and exploit vulnerabilities.”

Tom Kellermann, SVP of Cyber Strategy at Contrast Security told Security Magazine: “The safety of the U.S. water supply is in jeopardy. Rogue nation states are frequently targeting these critical infrastructures, and soon we will experience a life-threatening event.” That doesn’t sound like a long ways away.

Despite the fresh capabilities, don't expect the model to fundamentally change how a gen AI tool helps either attackers or defenders, said cybersecurity expert Jeff Williams.

"We already have imperfect attackers and defenders. What we lack is visibility into our technology and processes to make better judgments," Williams, the CTO at Contrast Security, told Information Security Media Group. "GPT-4o has the exact same problem. So it will hallucinate nonexistent vulnerabilities and attacks as well as blithely ignore real ones."

Naomi Buckwalter is an accomplished Information Security Leader, Nonprofit Director, Keynote Speaker, and LinkedIn Learning Instructor. With extensive experience in directing information security programmes, she has notably served as Director of Product Security at Contrast Security and Director of Information Security & IT at Beam Dental. Buckwalter’s expertise encompasses compliance, risk management, and security operations.

She is also the Founder & Executive Director of the Cybersecurity Gatebreakers Foundation, aiming to revolutionise cybersecurity hiring practices. With a background in computer science and over 99K followers on LinkedIn, she is recognised for her contributions as a cybersecurity thought leader and advocate for diversity in tech.

A big contributor to the NVD backlog is the flood of vulnerabilities reported to the repository — more than 100 per day in 2024, according to David Lindner, CISO of Contrast Security, a maker of self-protecting software solutions.

While a consortium could bring valuable resources and expertise, potentially speeding up analysis and reporting, it could also introduce politicization and commercialization to the project, Lindner says.

Developers will “eat” the IT security function, predicted Larry Maccherone, who works as the Dev[Sec]Ops transformation architect for security automation platform Contrast Security and made headlines as the author of the DevSecOps Manifesto. It’s inevitable, he argued. And as if that’s not shocking enough, testing in production should become the norm, he added.

It may sound crazy, and the InfoBip audience of primarily new programmers seemed hesitant to embrace the idea. Nonetheless, Maccherone laid out his case at an InfoBip Shift workshop in Miami last month.

“There is a new arms race as the U.S., China, and Russia have stated in their national security strategies that achieving dominance in AI is a priority,” said Tom Kellermann, senior vice president of cyber strategy at Los Altos, California-based Contrast Security. “This race to singularity has been burgeoning for the past five years. This does represent a holistic and long-term effort by the U.S. government.”