Data privacy rules have never been crucial for organisations to follow until the General Data Protection Regulation (GDPR) enforcement. This blog is divided into two sections. The first section will discuss a general overview, definitions and common queries related to a data protection policy. The second section will explain how a business can write and operationalise a data protection policy.

Not all of the recognizable risks in your software supply chain can be identified by their known vulnerabilities recorded as CVEs. A component that is outdated or inactive may present risks to your application that no one has had cause to investigate. Yet these components could still harbor threats.

Amid a wave of hacks that have cost investors billions of dollars worth of cryptocurrency, the FBI is calling on decentralised finance (DeFi) platforms to improve their security. In a warning posted on its website, the FBI said that cybercriminals are increasingly targeting DeFi platforms to steal cryptocurrency, often exploiting vulnerabilities in smart contracts to part investors from their money.

Introduce yourself and tell us what you do for your day job. My name is Dr. Joseph J. Burt-Miller Jr. I currently serve as Assistant Project Manager at the Department of Homeland Security. One of my main duties is handling the risk management piece for projects, so interacting with contractors and our risk owners, ensures that our risks are tracked and mitigated. Anything that needs immediate attention I bring to my leadership, my project manager and program manager, etc.

Where do open source dependencies go to die, and why do they come to an end? What happened to the npm faker module? Can it happen again? Join me to learn how open source software libraries rise to glory and how they reach their end of life. I’ll also include some takeaways for developers and ops engineers.

Hack The Box (HTB) is a platform that gamifies cybersecurity training. It’s suitable for aspiring pen testers, as well as developers who want to become security champions — or simply understand the mindset of adversaries a bit better — in order to make their applications more secure.

It’s no secret that most application security teams are overextended and short-staffed. In fact, a recent ESG study showed that many cybersecurity professionals experience increased stress and job burnout.

Few security exploits are the source of more sleepless nights for security professionals than zero-day attacks. Just over Memorial Day weekend, researchers discovered a new vulnerability enabling hackers to achieve remote code execution within Microsoft Office. Dubbing the evolving threat the Follina exploit, researchers say all versions of Office are at risk.

The US Department of Defense (DoD) initiative to adopt the Executive Order for Zero Trust is heating up. This week the Pentagon’s CIO, John Sherman, announced plans to implement a zero trust architecture agency-wide within the next 5 years – by 2027. To support this initiative, he plans to announce a new strategy next month to help meet the ambitious deadline for an agency of over 4 million people.

Many of today’s security tools are built to secure cloud services. But we need to keep in mind that many organizations still require configurations that don’t have direct connection to the cloud. Organizations that have numerous branch locations — like convenience stores, school districts and banks — often use a software-defined wide area network, or SD-WAN.