X
Enlarged Image
Back to blog

Cybersecurity Insights with Contrast CISO David Lindner | 5/20

By David Lindner, Chief Information Security Officer

June 1, 2022

Insight #1

"The Exploit Prediction Scoring System (EPSS) is yet another data point I urge you to add to your risk calculations of known CVEs. More data, better risk measurements, and easier prioritization."
 

Insight #2

"Did you know that the active third-party library code in your applications is only about 10%? Our engineers may pull in a lot of third-party library code (in upwards of 80% of all the code in an application), but knowing if, when, and how you use that library code is extremely important to understand the risks posed by them. Use instrumentation-based tools to provide you with this information, to better inform your risk decisions."
 

Insight #3

"When was the last time you looked at the open-source library licenses in your applications? Are you using any copy-left licenses (GPL, AGPL, etc) that could create legal nightmares for your organization? It’s imperative you implement controls, both process and technical, to limit the licenses to those approved by your legal teams."
 
 
Thought Leaders
David Lindner, Chief Information Security Officer

David Lindner, Chief Information Security Officer

David is an experienced application security professional with over 20 years in cybersecurity. In addition to serving as the chief information security officer, David leads the Contrast Labs team that is focused on analyzing threat intelligence to help enterprise clients develop more proactive approaches to their application security programs. Throughout his career, David has worked within multiple disciplines in the security field—from application development, to network architecture design and support, to IT security and consulting, to security training, to application security. Over the past decade, David has specialized in all things related to mobile applications and securing them. He has worked with many clients across industry sectors, including financial, government, automobile, healthcare, and retail. David is an active participant in numerous bug bounty programs.

Previous

A Sneak Peek Into Contrast's New Developer Security Tool
Next

Cybersecurity Insights with Contrast CISO David Lindner | 5/27