Modern organizations rely heavily on software and systems. Secure coding standards are significant, as they give some assurance that software installed on the organization’s system is protected from security flaws. These security standards, when used correctly, can avoid, identify, and remove loopholes that might jeopardize software integrity. Furthermore, whether developing software for portable gadgets, desktop systems, or servers, secure coding is critical for modern software development.

It’s been a great year so far for the Open Policy Agent (OPA) project and community. OPA achieved graduated status in the Cloud Native Computing Foundation (CNCF) in February and is quickly nearing 100 million downloads! With all this growth, we were excited to see the results of the second annual Open Policy Agent user survey. As I mentioned in my post on the Open Policy Agent blog, we survey the community to help better steer the project's long-term roadmap in the right direction.

The SANS 2021 Automation and Integration Survey is now available for download, focusing on the question: First we walked, now we run – but should we? Let’s face it, we’ve talked about security automation for years. We’ve grappled with what, when and how to automate. We’ve debated the human vs machine topic.

Python has been deemed as a “simple” language — easy to use and easy to develop scripts to do numerous tasks — from web scraping to automation to building large-scale web applications and even performing data science. However, dependencies are managed quite differently in Python than in other languages, and the myriad options of setting up an environment and package managers only add to the confusion.

Detectify collaborates with Crowdsource, our private network of ethical hackers to help our customers access the latest critical security research and secure their web apps. With a hot hack summer, we saw a lot of devastating breaches which casted a negative view onto hackers as criminals. At Detectify, we believe that hackers are our allies.

When smaller firms are hit by a cyberattack, the cost can be devastating. One out of four businesses with 50 or fewer employers report paying at least $10,000 to resolve an attack. And for organizations with fewer than 500 employees, insider incidents alone cost an average of $7.68 million, according to the Ponemon Institute's 2020 Cost of Insider Threats report.

Taking a proactive approach to threat hunting in cybersecurity is crucial, especially today when attacks are more stealthy and more complex than ever. What this means is that the olden ways of cybersecurity relying on time-consuming manual workflows are slowly becoming obsolete, and cybersecurity teams must be supported by active learning intelligence in their threat hunting processes.

In our recent blog, Who Do You Trust? OAuth Client Application Trends, we took a look at which OAuth applications were being trusted in a large dataset of anonymized Netskope customers, as well as raised some ideas of how to evaluate the risk involved based on the scopes requested and the number of users involved. One of the looming questions that underlies assessing your application risk is: How does one identify applications? How do you know which application is which? Who is the owner/developer?

As part of our upcoming attendance at the International Cyber Expo & International Security Expo, we were lucky enough to sponsor The Cyber Security Webinar Series with Nineteen Group and Grey Hare Media. Both Philip Ingram MBE and Emanuel Ghebreyesus, strategic account director for Tripwire, spoke about several topics including: You can read some of the highlights from their conversation below.

LUCERNE, SEPTEMBER 2021: SECUDE, a leading Digital Rights Management (DRM) solutions provider based on Microsoft Azure Information Protection (AIP) today announced that its flagship product HALOCAD® extends data-centric security across PLM and Multi-CAD integrations.