Vulnerability exploitability

Every piece of code is a potential source of vulnerabilities. This includes operating systems, containers, databases, web servers, and the list goes on. It also includes hardware devices such as L2/L3 network devices, healthcare devices, IoT devices and more. To further compound things, the rate at which vulnerabilities are discovered is growing […]

Data Science and commercially available AI/ML implementations now make it possible to predict whether a vulnerability can be weaponized into malware. This could be a critical moment in cybersecurity as it allows vulnerability management to be truly proactive and reduces the remediation workload. But why bother with this? And even if we did, how could […]

Trust and Security

In an earlier blog article last month, we talked about the most used open source projects from the Census II report and the security vulnerabilities in these projects. The exposure from using open source projects is real and certainly not insignificant. In this article, we will look at a companion report from the Linux Foundation, namely the “Improving […]

It is estimated that Free and Open Source Software (FOSS) constitutes nearly 80-90% of any given piece of modern software. All sectors (public/private/tech/non-tech) rely heavily on software. It is imperative, then, to ensure the health and security of open source software. The Linux Foundation founded the Core Infrastructure Initiative (CII) back in 2014. CII members provided […]

Secrets in source code

Developers are in a constant race against time to deliver new features and capabilities in software. Things are hastened with philosophies like “release early, release often”. This constant rush means that developers are bound to inadvertently make mistakes along the way. Developers are human after all. Hence, the focus needs to be on having the […]

Open source technologies are becoming the backbone of all modern-day solutions. This has huge advantages, since the “write once and use it across the board” approach fosters code reuse. In many cases these open source technologies get extended to adapt to specific requirements and customizations; this has traits similar to the polymorphism brought in by modern […]

RSA recently published “20 Predictions for 2020”. These are spot on and interesting. While these predictions cover the complete security landscape, I would like to draw attention to one specific prediction here, “#5 – Security shifts left”. The basic idea with “security shifts left” is to ensure that DevOps teams perform required steps during CI/CD […]

It is my pleasure to share this blog article authored by Rohit Ghai, who we are fortunate to have as our advisor. Rohit is renowned in the industry and currently serves as President, RSA Security.

Recruiting machines to fight the vulnerability crisis

A central pillar in any cyber resilience strategy is the idea of […]

In our earlier blog article, US Electric Grid is “becoming more vulnerable to cyberattacks” says US GAO, we talked about the US GAO assessment report [GAO-19-332] pertaining to Critical Infrastructure Protection at electric grids. In this blog, we will do a deep dive to better understand the specifics of the report. For a high-level overview of the […]

Grid Power Lines

In an earlier blog article titled “Energy Sector at risk of Cyber Attacks”, we described an attack at a Western utility company and how the attack leveraged a known software vulnerability for which a patch was available but not applied. The energy sector needs to pull up its socks, as is evident from recent NIST […]