Vendor tiering is a method of classifying vendors based on the level of security risk they introduce to an organization. The level of security criticality decreases with each subsequent level. The number of tiering levels depends on personal preference. The basic vendor tiering structure consists of three levels - Tier 1, Tier 2, Tier 3, where Tier 1 represents high-risk vendors. Each vendor could be assigned to a tier manually, or the process could be based on a security questionnaire scoring system.

A botnet is a network of malware-infected devices used to launch coordinated attacks either against a single target, like during a DDoS attack, or multiple targets like during email phishing attacks. All infected machines in a botnet are remotely controlled by a single cyber attacker that could be located anywhere in the world.

For the newest instalment in our series of interviews asking leading technology specialists about their achievements in their field, we’ve welcomed Pieter Vaniperen, Managing Partner at PWV Consultants. Pieter is a veteran software architect and security expert who is an industry authority and influencer providing thought leadership and execution to develop widely adopted processes, methodologies, and technologies that are at the forefront of digital innovation and software development.

Modern technology allows the easy collection and distribution of personally identifiable information — and concerns about the unintended distribution of that personal data have led to a wave of data privacy laws around the world. The U.S. Health Insurance Portability and Accountability Act (HIPAA) is one such law, and imposes strict rules on how hospitals, healthcare businesses, and other “covered entities” handle personal health information (PHI).

Details about cyberattacks on small-and-medium-sized businesses (SMBs) may not make it to the headlines, but numerous industry reports and surveys have highlighted the grim reality of the SMB cybersecurity landscape. Even before the COVID-19 pandemic, SMBs were largely targeted by adversaries1.

Cryptocurrency space is maturing, India’s appetite for cryptocurrency is evident, as the country facilitates the highest recipient of remittances globally — more than $83 billion since 2018 every year. With the support of cryptocurrencies, the remittance market is anticipated to soar in India, with cheaper, more efficient methods of sending money.

Cybercriminals never sleep. Why? They're too busy looking for application vulnerabilities. In the world of cybercrime, a flawed application is a potential goldmine for them, but an onramp to disaster for most organizations.

Considering our reliance on open source and third party components, it’s nearly impossible to estimate how many open source libraries we’re using, especially with dependency management tools that pull in third party dependencies automatically. Adding to the challenge of keeping track of the open source components that make up our codebase, is the tangled web of transitive dependencies.

Tom Hudson (TH), Senior Security Researcher at Detectify, joined the Application Security Weekly podcast to talk about the status quo on web scanners and securing modern web applications. We’ve edited the transcript for brevity and taken some highlights from the pod episode below.