In the News
Featured
06/13/2024
Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives
Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”
05/31/2024
Terrifying Cybersecurity Risks to U.S. Water Systems: ‘Mass Delusion We All Share’
Tom Kellermann, SVP of Cyber Strategy at Contrast Security, a security and development company helping organizations deploy secure code, spoke to Techopedia about the issue. “The safety of the U.S. water supply is in jeopardy. Rogue nation states are frequently targeting these critical infrastructures, and soon we will experience a life-threatening event.”
05/31/2024
Larry Maccherone Explores Several Advantages of Adding Security to DevOps
For many dev and security teams, a reset on culture and mindset is critical to begin integrating security into every phase of the software development lifecycle as a shared responsibility, as opposed to addressing security after development. In this archived keynote session, Larry Maccherone, DevSecOps transformation architect of Contrast Security, highlights ways to fundamentally transform the process of AppSec and DevOps, to a modern DevSecOps approach. This segment was part of our live webinar titled, “How to Amplify DevOps with DevSecOps.” The event was presented by InformationWeek on May 22, 2024.
05/31/2024
Experts Warn of Security Risks in Grid Modernization
"These technologies increase the attack surface of the grid," Tom Kellermann, senior vice president of cyber strategy for the application security software platform Contrast Security, told Information Security Media Group. "Segmentation, two-factor authentication, least privilege and runtime security are imperatives for the safety of the grid."
…
"The expedited process will undermine the cybersecurity preparedness of the grid," Kellermann said. "Given the increase in destructive cyberattacks being launched by rogue nation-states, cybersecurity assessments must be performed prior to projects going live."
05/31/2024
First American reveals data breach hit 44,000 individuals
Cybercriminals are likely to use First American's infrastructure to "island hop" to other financial services players, said Tom Kellermann, senior vice president of cyberstrategy at Contrast Security. He warned of the threat of home equity fraud, where a criminal could establish a line of credit against someone else's home. "Inevitably the owner of the home is the one that's penalized by the system for not paying their debt," he said. "And that is increasing. That is my biggest concern regarding this breach."
05/28/2024
The state of AppSec: Are we getting ahead of attackers — or falling behind?
Jeff Williams, CTO and co-founder of Contrast Security, said it took 30 years of programming to build the foundation of all computing in C/C++. "Replacing the foundation with safer languages will likely take much longer. Our C/C++ foundation has the benefit of 30 years of torture to make it strong. However, perhaps a few new projects will choose safer languages from the get-go. I suppose that's a bit of progress."
…
05/28/2024
Third-party software supply chain threats continue to plague CISOs
But let’s not just blame the third-party providers because the attackers leverage the increasing complexity of today’s software supply chains. “This is a problem that will take many years for the software industry to solve. The complexity of a pharmaceutical or manufacturing supply chain pales in comparison with a modern software supply chain. Literally, everything involved in creating software can introduce malware and vulnerabilities,” said Jeff Williams, co-founder and CTO of Contrast Security. He tells CSO, “Every piece of software you use depends on many hundreds of thousands of people, any of whom has a path to introducing malware into your code. That’s not even counting hackers that find and exploit vulnerabilities.”
05/27/2024
Your Water, or Your Life
Tom Kellermann, SVP of Cyber Strategy at Contrast Security told Security Magazine: “The safety of the U.S. water supply is in jeopardy. Rogue nation states are frequently targeting these critical infrastructures, and soon we will experience a life-threatening event.” That doesn’t sound like a long ways away.
05/27/2024
Don't Expect Cybersecurity 'Magic' From GPT-4o, Experts Warn
Despite the fresh capabilities, don't expect the model to fundamentally change how a gen AI tool helps either attackers or defenders, said cybersecurity expert Jeff Williams.
"We already have imperfect attackers and defenders. What we lack is visibility into our technology and processes to make better judgments," Williams, the CTO at Contrast Security, told Information Security Media Group. "GPT-4o has the exact same problem. So it will hallucinate nonexistent vulnerabilities and attacks as well as blithely ignore real ones."
05/15/2024
The Cybersecurity Guardians: Meet the Top 30 cybersecurity Influencers to Follow in 2024
Naomi Buckwalter is an accomplished Information Security Leader, Nonprofit Director, Keynote Speaker, and LinkedIn Learning Instructor. With extensive experience in directing information security programmes, she has notably served as Director of Product Security at Contrast Security and Director of Information Security & IT at Beam Dental. Buckwalter’s expertise encompasses compliance, risk management, and security operations.
She is also the Founder & Executive Director of the Cybersecurity Gatebreakers Foundation, aiming to revolutionise cybersecurity hiring practices. With a background in computer science and over 99K followers on LinkedIn, she is recognised for her contributions as a cybersecurity thought leader and advocate for diversity in tech.
05/15/2024
Backlogs at National Vulnerability Database prompt action from NIST and CISA
A big contributor to the NVD backlog is the flood of vulnerabilities reported to the repository — more than 100 per day in 2024, according to David Lindner, CISO of Contrast Security, a maker of self-protecting software solutions.
While a consortium could bring valuable resources and expertise, potentially speeding up analysis and reporting, it could also introduce politicization and commercialization to the project, Lindner says.
05/14/2024
Why Developers Will Take Charge of Security, Tests in Prod
Developers will “eat” the IT security function, predicted Larry Maccherone, who works as the Dev[Sec]Ops transformation architect for security automation platform Contrast Security and made headlines as the author of the DevSecOps Manifesto. It’s inevitable, he argued. And as if that’s not shocking enough, testing in production should become the norm, he added.
It may sound crazy, and the InfoBip audience of primarily new programmers seemed hesitant to embrace the idea. Nonetheless, Maccherone laid out his case at an InfoBip Shift workshop in Miami last month.
05/10/2024
US government intervention in free markets goes way beyond TikTok
“There is a new arms race as the U.S., China, and Russia have stated in their national security strategies that achieving dominance in AI is a priority,” said Tom Kellermann, senior vice president of cyber strategy at Los Altos, California-based Contrast Security. “This race to singularity has been burgeoning for the past five years. This does represent a holistic and long-term effort by the U.S. government.”