From the Summer 2024 Issue

Exploring the Differences Between Bug Hunters and Pentesters

Author(s):

Aditya Agrawal, Core Lead Pentester, Cobalt

Exploring The Differences Between Bug Hunters and Pentesters

In the following, we’ll talk about how to transition from a Bug Hunter to a Pentester. It’s important to note that this content is intended to be an objective comparison with a real person’s experiences. These professions have individual pros/cons that add value to the security industry as a whole.  It’s not uncommon to meet … Read more

From the Spring 2024 Issue

The Evolving Dynamics of Product and Operational Technology Security Within the Semiconductor Industry

Author(s):

Krishna Chaitanya Tata, Operational Technology Cybersecurity Leader, IBM

Krishna Tata-Spring 2024

Introduction Security within products is the need of the hour across manufacturing organizations, more so within semiconductor manufacturing. Secure by Design is an imperative that organizations are adopting very rapidly. This is very critical for the manufacturing industry as it is the most targeted industry for cybersecurity attacks in the last year. The graphic below … Read more

From the Winter 2023 Issue

Open Source Software Supply Chain Security

Author(s):

Prabhat Pokharel, CEO, Biz Serve IT

OSS Supply Chain Security

As the world moves toward a digital future, so does the competition and pace of the software development environment. It is causing companies to adopt practices that reduce costs and increase the speed of their software development supply chain while gaining a competitive advantage. An effective software supply chain includes planning, procuring, developing, and deploying … Read more

From the Winter 2022 Issue

How to Reduce the Risk of Cyber-Attacks on Global Supply Chains

Author(s):

Amy Nelson, Chair of TCG’s PC Client Work Group, Trusted Computing Group (TCG)

The number of cyber-attacks attempting to compromise global industry supply chains are on the rise, and a new survey by BlueVoyant found that 97 percent of global firms have been impacted by a cybersecurity breach in their supply chain in the past 12 months. Not only that, but 95 percent of respondents said their organizations … Read more

From the Fall 2021 Issue

Why We Haven’t Solved the Problem of Too Many Software Bugs

Author(s):

James Everett Lee, Chief Operating Officer, The Identity Theft Resource Center

Software Bugs

If you needed a microcosm of the challenges currently facing the cybersecurity world, three events in the summer of 2021 summed it up well: Oracle and Microsoft (and others) issued patch updates to fix the usual number of CVEs. Gartner predicted a record level of global cybersecurity investment this year. A group of application security … Read more

From the Fall 2021 Issue

A Software Bill of Materials Is Critical for Comprehensive Risk Management

Author(s):

Dr. Georgianna Shea, Chief Technologist for Center on Cyber and Technology Innovation and TCIL, The Foundation for Defense of Democracies

A software Bill of Material

Executive Summary Very little software is entirely original. Software developers use existing, open-source, and commercially available software components to create new products. On average, 75 percent of a software product is open-source code, according to the 2021 Open-Source Security and Risk Analysis Report. This presents a cyber-risk management problem. The customer cannot effectively manage assets … Read more

From the Fall 2021 Issue

Some Risks We Must Accept

Author(s):

Justin Petitt, Director, Cybersecurity Center of Excellence, Edgewater Federal Solutions

Larry Letow, CEO, U.S., CyberCX

RISK

“Is that a new breach? Or is it the same one we’re still talking about?” If you think you’re hearing about a company getting hacked almost every day, that’s because you’re paying attention; there were over 1,300 significantly damaging breaches of large businesses last year. That’s more than three per day on average, and that’s … Read more

From the Summer 2021 Issue

Mobile Endpoint Security: How Secure is Your Organization Against Mobile Threats in the Remote Work Era?

Author(s):

Abitha Devi R, Product Specialist, ManageEngine

ManageEngine - Mobile Endpoint Security

Over a year ago, workforces across the globe were required to work from home to ensure their safety during the pandemic. This meant that IT administrators spent a majority of 2020 trying to figure out the best way to connect a distributed workforce while maintaining the overall security of their organization’s network. The organizations that … Read more

Safe Apps: How Can You Tell?

Author(s):

Caleb Townsend, Staff Writer, United States Cybersecurity Magazine

Safe App, Kids safety, kid on Ipad, cybersafe

StandHogg Hits Google Store According to Forbes, Google Android Threats continue to permeate through malware ridden apps that may affect many Android users. Researchers at the Norwegian app security company Promon claim that safe apps can be corrupted through dangerous vulnerabilities. In this particular case, the vulnerability, being dubbed “StrandHogg”, allows dangerous malware to pose … Read more