In the News
Featured
06/13/2024
Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives
Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”
04/02/2022
Can 'shift left' in DevOps pipelines go too far?
More and more functionality, from security to cost management, is now packed into DevOps pipelines -- but if done improperly, "shift left" can create more problems than it solves.
03/31/2022
Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk
Users are urged to update both the Spring Framework and Spring Boot tool.
03/31/2022
Spring4Shell vulnerability could have ‘a larger impact’ than Log4j
A newly discovered zero-day vulnerability known as Spring4Shell could have “a larger impact” than Log4j.
03/31/2022
Spring confirms ‘Spring4Shell’ zero-day, releases patched update
Earlier this week, experts released details on a remote code execution (RCE) vulnerability affecting the Spring Framework.
03/31/2022
Spring4Shell: No need to panic, but mitigations are advised
Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core.
03/30/2022
New Spring4Shell Zero-Day Vulnerability Confirmed: What it is and how to be prepared
03/30/2022
CISO Talks: How to Safely Migrate to Serverless Security | CISO Talks on Apple Podcasts
03/30/2022
How to Safely Migrate to Serverless Security | CISO Talks
03/18/2022
Are We Prepared For a Global Cybersecurity Disaster? CISO Talks
03/15/2022
Successful DevOps in the Age of Serverless
DevOps teams have often been underserved by security tools. Modern application security solutions must fit within the existing workflows related to how software is built and deployed. But just dropping a tool into that pipeline won’t suffice.