Tag: incident response

Insights From a Nation State Software Supply Chain Attack With Thomas LaRock

Two years after one of the worst cyber-espionage attacks on the USA, we sat down with Thomas LaRock from SolarWinds to learn how they managed the SUNBURST crisis and came away stronger. Thomas LaRock is the Senior Technical Product Marketing Manager–or as they like to put it ‘Head Geek’–at SolarWinds. After many years as […]

2022, The Year Product Security Broke Away From the Pack

Shlomi Ashkenazy and David Leichner recap the highlights of the past year and light the beacon for Product Security managers in 2023. 2022 has been an incredible year for the Product Security community. New regulations gained traction, software bills of materials (SBOMs) became ‘the bomb’, and the ramifications of Log4j and other vulnerabilities made […]

The Importance of Including Engineers in Industrial Product Security With Joe Weiss

From a nuclear meltdown to Y2K and 9/11, Joe Weiss paints a frightening picture of cyber vulnerabilities in things that can go BOOM in the night. Joe Weiss is what you would call a trailblazer in the realm of critical infrastructure cybersecurity. During his 40+ years in industrial instrumentation controls and cybersecurity, he has set […]

Building A Successful PSIRT from the Ground Up – Part 2: Processes & Technology

This is Part 2 of our blog series about building a Product Security Incident Response Team from the ground up. Continuing from where we left off in Part 1, in this post we will cover the enabling processes and technologies of a PSIRT.

Building A Successful PSIRT From the Ground Up – Part 1: People

This is Part 1 of our blog series about building a Product Security Incident Response Team from the ground up. The Colonial Pipeline cyber security breach in 2021 marked a watershed moment in IT security. Though this attack shut down the largest oil pipeline in the U.S. and resulted in a $4.4 million ransom payment, […]

Cracking AUTOSAR – A Missing Piece in the Product Security Puzzle

Securing automotive software is crucial to lifelong product security in the field… But how can you secure a mystery box? As puzzling as it may be to call an AUTOSAR ECU a ‘mystery box’, this is essentially how many of today’s automotive manufacturers program their ECUs. Over the years, this closed system was enough […]

What Are Today’s Top Automotive Cybersecurity Challenges?

It hasn’t been an easy year for cybersecurity pros in the automotive industry. Hackers are increasingly setting their sights on connected automotive products – David Colombo’s much-publicized ethical Tesla hack, a ransomware attack against Honda, and a suspected attack on a local Toyota supplier are only a few examples from the rapidly evolving threat landscape. […]

Cybersecurity vs. Time-to-market: Medical Device Pros Weigh In

In a highly regulated sector like medical device manufacturing, time-to-market needs to be carefully balanced with security and compliance. In addition to the aggressive timeframes that development and product teams are given to get new innovation to the market, medical device manufacturers (MDMs) are also responsible for the security of connected systems and processes that have […]

Intro to Automotive Cybersecurity Regulations

As vehicles have come to rely heavily on software and an increasingly complex software supply chain, the cyber threat landscape continues to evolve, and security and safety standards are more critical than ever. Industry-wide recognition of automotive cybersecurity risks has pushed regulators and industry leaders to double down on regulation. The recent adoption of UNECE WP.29 […]
