With an average of 500 components in an application, it’s difficult to know what’s in your software. The right security tools and expertise are here to help. A software Bill of Materials (SBOM) is an inventory of what makes up a software application: the “ingredients list” of everything in it. There’s pressure today for companies to make SBOM information available, and it has implications for who is liable when there are issues in the software.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Its been a bad time for Rackspace, or should I say, their customers. All round it seems as the outage was more than just a system fault.

OV stands for Organization Validation, and EV stands for Extended Validation. To obtain these certificates, developers, development companies, and publishers have to fulfill a basic set of requirements. This includes furnishing the required documents, including physical address proof, telephone number, and legal documents of company creation. In addition to this, depending on the type of code signing certificate you need, the requirements can change further.

All software has bugs, and some can be difficult to find or reproduce. However, not all approaches to bug-finding need to be difficult to use! Fuzzing is an undeniably effective approach to finding security issues and bugs in software projects, however, tools can be complex to set up and execute. CI Fuzz CLI (open-source), automates the parts that make fuzzing complex, giving its users the look and feel of a unit test.

During my time as a cybersecurity admin, I had the authority to decide what was going to be done, but I didn’t have the access to configure or install my own software. To make matters worse, despite having authority over the implementation, I was also held accountable for failures but again, without the necessary access to fix issues. This created a lot of tension between myself and the teams I relied upon to handle implementation details.

As the world is preparing for the winter of 2022, energy efficiency and availability becomes a major concern for all countries and governments. The electric grid is a vital sector, and any malfunctions will create ripple effects on any nation’s economy. As the grid is heavily dependent on cyber-enabled technologies and a vast chain of suppliers, contractors and partners, the ability to safeguard the availability and reliability of the grid is crucial.

In this post, we will dive into how to configure file access auditing on a Windows file server and explore the challenges with interpreting critical access events.