Least hot take of all time: Interruptions and rework are the worst. The modern dev pipeline is purpose-built to make collaboration easier and allow individuals and teams to work together to contribute to regular code pushes. This of course means lots of invention, feedback, creativity and iteration, all of which work best when they can be the point of current focus.

Our core values as a company center around our users’ privacy, security, and satisfaction. While developing Masked Email – our integration with Fastmail that lets users create new, unique email addresses without ever leaving the sign-up page – we needed a technology that brought all three values together.

The possibility of a data breach at your organization can be anxiety-inducing. According to the Ponemon Institute, the average cost of a data breach is $3.61 million, and it’s on the rise; the average data breach cost is up 10% over last year and remote work is a contributing factor: Ponemon found that breaches caused by remote work were $1.07 million more expensive than those that weren’t. This may have your organization wondering if you’re protecting your data in every way you can.

From reading many Python Docker container blogs, we’ve found that the majority of posts provide examples of how to containerize a Python application independent of its framework (Django, Flask, Falcon, etc.). For example, you might see something like this: With this Dockerfile, we can build and run a Python Flask application: Two simple steps and it works just fine, right?

As organizations look for solutions that enable them to create a software bill of materials (SBOM) to ensure they’re meeting new governmental mandates for protecting the software supply chain, it’s important to understand the difference between solutions based on reporting vs. remediation. The primary focus of any SBOM solution should be on open source code. The use of open source continues to expand exponentially. Open source components comprise 60%-80% of today’s applications.

October marked a dubious milestone for cybersecurity. A report from the Identity Theft Research Center confirmed that the number of cyber attacks reported through the first nine months of the year exceeded the total recorded for the entirety of 2020. And not by a small margin either—attacks are up 17% in 2021 compared to last year. Clearly, hackers have been busy, as have the cybersecurity experts tasked with mitigating the damage.

Project Memoria is the largest study on the security of TCP/IP stacks. The idea for this project emerged in May 2020 while collaborating with JSOF on Ripple20. Our researchers understood that the problem with TCP/IP stacks was much deeper and more widespread than initial research had suggested. We hypothesized that similar issues to those identified in Ripple20 could be present in other stacks as well.

Customers are increasingly looking for just-in-time access to infrastructure. Imagine there is a production outage and a senior SRE needs to login to a production server to diagnose and fix the issue. In this organization, on-call SREs have elevated access to production systems, but when they are off-duty, their privileges are reduced. When the Pager Duty alert goes off, our on-call SRE ssh’s into the server but after several minutes of looking, can’t diagnose the issue.

Keeping Active Directory secure is one of the most critical tasks for organizations’ information security. Keeping track of users’ activity is a fundamental part of AD security. But before jumping into purchasing shiny tools, there’s a lot you can do by simply changing and leveraging AD built-in audit capabilities.

Cyber insurance has great potentials in improving cybersecurity practices and protecting organizations against the impact of security incidents, but these potentials “have yet to fully materialize.” This is the key highlight of a recent report developed by the Royal United Services Institute for Defence and Security Studies (RUSI) and the University of Kent in the UK. The report provides a comprehensive list of recommendations for both governments and organizations.