securityledger

@securityledger

Followers: 4K | Following: 615 | Media: 2K | Statuses: 14K

Independent cybersecurity news and opinion since 2012. Open DMs. Subscribe: https://t.co/O6X7j42QCr | Mastodon https://t.co/xzHMxoMJKF

Boston, MA
Joined August 2012
@securityledger
securityledger
2 years
Find us at:
0
0
0
@securityledger
securityledger
4 months
Report: Epidemic of Flaws in Commercial and Open Source Code Fuels Attacks @ReversingLabs #OSS #softwaresupplychain #cybersecurity #appsec #report via @securityledger
0
2
3
@securityledger
securityledger
6 months
In this clip from our latest #podcast, David Kellerman the Field #CTO at Cymulate explains how the company's attack simulation feature works - helping organizations test security products in real life attack scenarios. Check out the full interview here:
0
0
0
@securityledger
securityledger
6 months
In this clip from our latest podcast, host @paulfroberts asks David Kellerman, Field #CTO @Cymulateltd about security tool overload and the need for optimization. Check out the full interview here: #podcast #sponsored
0
1
0
@securityledger
securityledger
8 months
Your Cyber News Roundup from The Security Ledger -
0
0
0
@securityledger
securityledger
10 months
Researcher @samwcyo and others found a flaw in a @Kia_Worldwide website giving hackers access to the vehicle's location & driver data, remote start, locking, horn, etc. with just a license plate number! #InternetOfThings
0
1
0
@securityledger
securityledger
11 months
Check out @ElisityInc virtual event on securing the IoMT😷 today at 4PM ET -
0
0
0
@securityledger
securityledger
1 year
At #RSAC2024 ? Check Bricked and Abandoned tomorrow (TUE 5/7) at 9:00 AM. EIC @paulfroberts talks with @allanfriedman of @CISACyber, @tarah, @WeldPond, @window and @MalwareJake on the security implications of OEM #EOL decisions.
1
2
1
@securityledger
securityledger
1 year
Check out our latest Spotlight #Podcast with Jim Broome, President and #CTO at @Direct_Defense. Jim and host @paulfroberts chat about D2's latest Security Operations Threat Report and changes in the threat landscape driven by the use of #AI.
0
1
1
@securityledger
securityledger
2 years
Data stolen? Get used to it kid. That's the reality for young people coming of age today in the app sec shanty town that is the 21st century U.S. economy: a sprawling, unregulated, ad-hoc ecosystem prone to shocking breakdowns and failures.
0
1
1
@securityledger
securityledger
2 years
And – as with food safety – we all will benefit in the end. 🙏 #cybersecurity #DevSecOps #software #supplychain #opinion.
0
1
0
@securityledger
securityledger
2 years
avenues of attack. Ultimately, cyber attacks are no more inevitable than food poisonings. Both are preventable with the application and enforcement of standards and rules based on an objective understanding of risks and threats.
1
0
0
@securityledger
securityledger
2 years
reduction in occurrences of critical software flaws, software supply chain compromises. Hand in hand with that would be a reduction in successful attacks and exploitation of homes, businesses, and critical infrastructure as software quality and integrity improved, closing off.
1
0
0
@securityledger
securityledger
2 years
(a crazy idea, I know) with fines and other required remediations to prevent such incidents from recurring. If the experiences of other industries – like manufacturing, construction and food processing are any indication – the response to changes like these would be a noticeable.
1
0
0
@securityledger
securityledger
2 years
out to investigate the circumstances that led to the mass release of flaws like CVE-2023-20198 and CVE-2023-20273 to the public. Arm those inspectors and oversight agencies with new laws and regulations, and they might even hold software makers accountable for their mistakes.
1
0
0
@securityledger
securityledger
2 years
the language of food safety? couching stories like the IOS-XE flaws as being about individuals and companies “sickened” or “harmed” by a flawed software release? What if our government took incidents of software “poisonings” seriously: sending experts.
1
0
0
@securityledger
securityledger
2 years
the application development practices that produce 0days will remain unscrutinized. Going forward, using language that foregrounds the issue of poor quality code and the harm caused by the distribution of poor quality or compromised software would help. What if we adopted.
1
0
0
@securityledger
securityledger
2 years
If shoddy, vulnerable software is just the norm, we consumers keep our expectations low. Software makers are happy to reward those low expectations with balky wares that leave us vulnerable to compromise. And, with little attention to the “how” or “why,”.
1
0
0
@securityledger
securityledger
2 years
Unlike food-borne outbreaks, there’s also little to no effort to establish a context: to answer the “why” and “how” of these failures. That allows them to continue, unabated, without any sense of urgency or even wrongdoing.
1
0
0
@securityledger
securityledger
2 years
and the harm done by those attacks to companies, customers and the economy, more broadly. The language and the problem of shoddy software remains abstract – devoid of any notion of responsibility or consequence.
1
0
0