Upside: business-to-business clients spend more with secure organizations. Downside: B2B clients sue non-secure organizations. Now to use this in building a security program.
Watch more videos on my YouTube channel.
Tips for building security roadmaps, or alternatively, what having a deck party taught me about planning.
Apple iPhones and iPads running iOS 12.4 are once again open to jailbreaking. I say once again because the vulnerability was closed in 12.3, but is back in 12.4. This is a good time to think about our AppSec regression testing process.
More here:
https://ift.tt/2NfQwkt
Another look at 3Fun’s mistakes, and three lessons we can take back to our mobile AppDev teams.
See the original article here: https://ift.tt/2JHdCyg
Credential theft from dating websites can lead to credential reuse, social engineering, or extortion. Take the press on 3Fun, which exposed business and governmental leaders. So what can these third-party websites do to protect their users and our organizations?
When designing security tool UIs, it is crucial that we design for people on their worst day: stressed, hurried, and distracted. Bad example: hotel same-unit washer dryers. Good example: airports.
Bee2FireDetection was covered on Marketplace Morning Report on 7/29/2019. They provide technology to forecast, detect, and predict massive fires. Let’s look at their approach to see what gaps exist in today’s security incident response techniques.
Using Zoom as an example, let’s talk about the challenges of vulnerability management and patch management when one product is bundled with another.
Two months after BlueKeep, the Windows RDP vulnerability, there are still some 800,000 affected computers on the Internet. That’s according to BitSight’s analysis in July. So how do we handle 0-days and unpatched vulnerabilities?
DevOps is measured by increasing velocity, by change. Security is measured by reducing risk, by stability. Perhaps we need to embed naysayers within stand-ups, pointing out abuse cases for new functionality in use cases. As an example, the “add a line” feature of the Samsung.com website that led to a Sprint breach.