This is Part 2 of our blog series about building a Product Security Incident Response Team from the ground up. Continuing from where we left off in Part 1, in this post we will cover the enabling processes and technologies of a PSIRT.
This is Part 1 of our blog series about building a Product Security Incident Response Team from the ground up. The Colonial Pipeline cyber security breach in 2021 marked a watershed moment in IT security. Though this attack shut down the largest oil pipeline in the U.S. and resulted in a $4.4 million ransom payment, […]
As the connected devices and products we rely on have become increasingly software-reliant, securing them against cybersecurity and compliance risks has become a major concern for product security pros. Today’s evolving cybersecurity regulation for software-driven devices and products addresses the expanding threat landscape. As a result, companies are investing more and more in technologies that […]
Product and device security teams often find themselves fighting an uphill battle in their attempts to step up their cybersecurity strategies. Ensuring security in the increasingly complex ecosystem of their connected devices has never been more challenging. Faced with a rapidly evolving threat landscape and increased regulation, teams are working hard to achieve cybersecurity maturity, […]
If you want to see where industry priorities lie — the general consensus is that you should follow the money. Well, between 2020 and 2025, the Healthcare industry is projected to spend $125B on cybersecurity. There are many reasons driving the attention that medical device security is receiving. New regulations such as the FDA premarket […]
Originally published on BleepingComputer, March 30th, 2022 Another day, another crash in automotive device software. This time, the bug was found in the infotainment system of older model Mazdas from 2014-2017. Drivers reported that their HD radio receivers crashed when connecting to a local radio station. The radio and its display, bluetooth capabilities, built-in maps, and […]
Open-source software libraries are the backbone of modern software development and a critical piece of the software supply chain. Engineers don’t need to recreate existing functionality; instead, development efforts can be accelerated using open-source software (OSS) libraries. These days, almost 98% of applications use open-source libraries. Using open-source libraries does bring unique risks. Beyond security […]
Originally published on HelpNet Security, February 16th, 2022
In 2020, the SolarWinds supply chain attack penetrated deep into the Federal government’s infrastructure and into some of the largest and most tech-savvy organizations. The compromise gave attackers unprecedented access to some of the best-protected data in the world. It highlighted that no matter how big or well funded an organization is, cyber-attacks can still […]