In the latest weekly update, ISMG editors discuss how organizations can comply with the new PCI DSS 4.0 requirements, whether other countries should follow the U.S. lead on legislating software bills of materials, and key strategies for CISOs preparing for an economic downturn.
Over his 23-year career in cybersecurity, Tom Kellermann has focused on policy, endpoints and even strategic investments. Now, in his new role as senior vice president of cyber strategy at Contrast Security, his mission is to protect code security - particularly in the public and financial sectors.
The latest edition of the ISMG Security Report discusses what went wrong for Optus in the wake of one of Australia's biggest data breach incidents, the state of code security today and the growing trend of private equity firms pursuing take-private deals.
How do you assess the security of your own supply chain and provide assurances downstream? Knowing how to generate and leverage a software bill of materials (SBOM) is essential. In this webinar, you will learn how to satisfy regulatory and buyer requirements and build confidence and security into your software supply...
Too often when software developers change jobs, they take source code they've written with them, feeling the code belongs to them even if it belongs to an employer. Code42's Joe Payne shares the challenges of detecting source code theft and ways to protect intellectual property wherever it resides.
Palo Alto Networks has been in a 19-month dry spell when it comes to major acquisitions, but it looks like that's about to change. Israeli business publication Calcalist reported Monday the firm is closing in on a deal to buy New York-based code risk platform provider Apiiro for around $600 million.
In this episode of "Cybersecurity Unplugged," U.S. Air Force Chief Software Officer Nicolas M. Chaillan, a former DHS and DOD adviser, shares his opinions about the government's handling of DevSecOps and cybersecurity, where progress is being made and where more work needs to be done.
Cloudflare has crashed the party for top-performing web application and API protection vendors, joining longtime leaders Akamai and Imperva atop the latest Gartner Magic Quadrant. Gartner observed more separation between the leaders in this market and the rest of the pack.
Bitwarden has raised $100 million to expand into new product areas including developer secrets, passwordless and privileged access management. The investment will help the firm debut new features for individual and business users and expand its footprint in Japan, Germany, France and South America.
In today's dynamic threat environment, security teams must adopt a risk-based approach, prioritizing the most important areas of their organization. They also should not be afraid to seek outside help. Murtaza Hafizji of Bugcrowd discusses the merits of crowdsourced security.
No secret: Public cloud provides the technical catalyst to the healthcare industry’s modernization and the keys to the kingdom in terms of globalization. The resulting access to usable swaths of data is invaluable - and high-risk. ClearDATA's Chris Bowen weighs in on mitigating the risks.
CISOs have enough tools to identify security weaknesses, says Yoran Sirkis, but they need a way to make the information those tools gather more accessible and to streamline the remediation process. The CEO of Seemplicity discusses how its platform can help security leaders manage remediations.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including implications of the Russia-Ukraine cyberwar, the former CISA director’s somber message to the industry at Black Hat, and how the cryptocurrency landscape is changing.
Security maturity in development teams should be a continuous cycle of improvement with realistic goals along the way. As development teams increase their security maturity, they reduce the amount of rework and minimize risk while also allowing automation to help create efficiency in the SDLC.
Kudelski Security has made a big investment into the blockchain and Web3 security spaces, leveraging a team of 25 to help translate the company's expertise around cryptography and application security into the nascent market, according to CEO Andrew Howard.