Category: Uncategorized

“An ounce of prevention is better than a pound of cure”. Whatever way you quote this age-old adage, its hard to argue against it. So it goes in the cyber security context as well – preventing cyber threats is always going to be better than curing them. For more than a decade now, we have […]

Cloud Security Posture Management CSPM

Organizations have increased public cloud usage, as there are obvious benefits (elasticity, pay-as-you-go subscription model, etc.). While adoption across cloud layers (IaaS, PaaS, SaaS) varies across organizations, one thing for sure is that IaaS usage is most prevalent. Organizations end up shifting to the cloud in an urgency and likely with a “lift and shift” […]

remote workforce vulnerability management

In an earlier blog article, we had a look at the challenges that organizations are facing with vulnerability management (VM) for their remote workforce. We briefly described what a Next Generation Vulnerability Management solution should look like for these scenarios. To summarize a Next Generation VM needs to be a cloud-based service which can provide […]

Trust and Security

In an earlier blog article last month, we talked about the top used open source projects from Census II report and security vulnerabilities in these projects. The exposure from using open source projects is real and certainly not insignificant. In this article, we will look at a companion report from Linux Foundation namely the “Improving […]

It is estimated that Free and Open Source Software (FOSS) constitutes nearly 80-90% of any given piece of modern software. All sectors (public/private/tech/non-tech) have heavy reliance on software. It is imperative then to ensure health and security of open source software. Linux Foundation founded the Core Infrastructure Initiative (CII) back in 2014. CII members provided […]

Secrets in source code

Developers are in a constant race against time to deliver new features and capabilities in software. Things are hastened with philosophies like “release early, release often”. This constant rush means that developers are bound to inadvertently make mistakes along the way. Developers are human after all. Hence, the focus needs to be on having the […]

Open Source technologies are becoming the backbone of all modern day solutions. It has huge advantages since the “write-once and use it across the board” approach fosters code reuse. In many cases these open source technologies get extended to adapt to specific requirements and customizations, this has similar traits to polymorphism brought in by modern […]

RSA recently published “20 Predictions for 2020”. These are spot on and interesting. While these predictions cover the complete security landscape, I would like to draw attention to one specific prediction here, “#5 – Security shifts left”. The basic idea with “security shifts left” is to ensure that DevOps teams perform required steps during CI/CD […]