Earlier this month, the National Institute of Standard and Technology’s (NIST) cybersecurity framework released a revision (1.1, Draft 2) of its Framework for Improving Critical Infrastructure Cybersecurity. The new release now includes vulnerability disclosure processes as part of the Framework Core…
Topic: Cybersecurity News
What we know so far
Earlier today it was publicly disclosed that Apple’s MacOS High Sierra contains a trivially-exploitable flaw, which allows malicious individuals to generate a persistent root access account to your system. It is not readily apparent whether or not this vulnerability is remotely exploitable, but out an of abundance of caution there are several steps you can take immediately to protect your system.
The bug bounty market is growing quickly. While an increasing number of organizations are embracing the concept, there still remains some confusion and ambiguity around paying hackers for vulnerabilities. Events like recently disclosed Uber breach illustrate this confusion. I’ll take this opportunity to clarify and define this rapidly evolving market.
We recently contributed to the Department of Commerce’s request for public comment on its “Green Paper” with Rapid7, Duo Security, Electronic Frontier Foundation, Center for Democracy & Technology, Global Cyber Alliance and many others that we hope will bolster a more transparent approach to securing the Internet of Things.
Last month we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future.
In the past several weeks we’ve been publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts.
Our last Q&A is with Josh Sokol who is an OWASP Board of Directors member and brings an interesting perspective to our application security challenges conversation. OWASP has run several bounties and responsible disclosure programs with Bugcrowd. Read more about their programs here.