Topic: Cybersecurity News

2018 Predictions: It Takes a Crowd

At the end of 2017 we asked our researcher community what changes they predicted for the bug bounty space in the year to come. The response was overwhelmingly the same: more companies adopting bug bounties across company size and industry…

Spectre & Meltdown: Quick Fact Sheet

Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For…

MacOS High Sierra: Getting to the Root of the Problem

What we know so far

Earlier today it was publicly disclosed that Apple’s MacOS High Sierra contains a trivially-exploitable flaw, which allows malicious individuals to generate a persistent root access account to your system. It is not readily apparent whether or not this vulnerability is remotely exploitable, but out of an abundance of caution there are several steps you can take immediately to protect your system.

The Uber Breach: Extortion Does Not Equal Bug Bounty

The bug bounty market is growing quickly. While an increasing number of organizations are embracing the concept, there still remains some confusion and ambiguity around paying hackers for vulnerabilities. Events like the recently disclosed Uber breach illustrate this confusion. I’ll take this opportunity to clarify and define this rapidly evolving market.

OWASP Board Member Josh Sokol Provides Perspective on AppSec Evolution

Last month we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future.

In the past several weeks we’ve been publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts.

Our last Q&A is with Josh Sokol who is an OWASP Board of Directors member and brings an interesting perspective to our application security challenges conversation. OWASP has run several bounties and responsible disclosure programs with Bugcrowd. Read more about their programs here.

How Barracuda’s Dave Farrow is Closing the AppSec Gap

This week’s interview is with Dave Farrow, Barracuda’s Senior Director, Information Security, who has been instrumental in working with the security researcher community through their bug bounty program.

We also sat down with Dave last week at RSAC to hear about his conference session and his plans for appsec. Watch the video here.
