All security flaws should be fixed, right? In an ideal world, yes, all security flaws should be fixed as soon as they’re discovered. But for most organizations, fixing all security flaws isn’t feasible. A practical step your organization can – and should – take is to prioritize which flaws should be fixed first.

If you caught part one of our recap series on this year’s Collision conference, you know we covered a roundtable talk hosted by Veracode’s own Chris Wysopal. The talk focused on the risks of AI and machine learning, delving into discussions of how to manage the security aspects of these future-ready technologies — especially when it comes down to consumer privacy.

Modern software development is full of security risk. Factors like lingering security debt, insecure open source libraries, and irregular scanning cadences can all impact how many flaws dawdle in your code, leading to higher rates of dangerous bugs in susceptible and popular languages.

PSD2 and Open Banking have been around for a few years now. Each aims to disrupt and future proof the financial services market following the vast technological advancements that occurred over the last two decades, and have left the industry with legacy processes and a lack of legislature to cope with emerging challenges.

A botnet is a network of hijacked computers and devices infected with malware and controlled remotely by cybercriminals. This network is then used to send spam and launch Distributed Denial of Service (DDoS) attacks. It can also be rented out to other cybercriminals. The Emotet botnet has been a thorn in the side of security teams for many years and has infected hundreds of thousands of devices since 2014.

5G is faster than its predecessor but that doesn’t change the approach to software security for your applications. Some wild claims have been made about 5G networking. I’ve heard mention of self-healing factories and smart highway systems. While such things might be possible, there’s nothing magical about 5G. In essence, it’s just faster wireless networking than we’ve had before. That’s nice, but hardly revolutionary.

According to Forrester, the number of permanent, full-time remote workers is expected to increase by 300 percent or more compared to pre-pandemic numbers. Amid the chaos surrounding the pandemic, getting your entire workforce back to the office seems trivial, especially when many employees’ work can be done remotely. It’s no wonder that, according to Gartner, almost half of employees will continue to work remotely post COVID-19.

If anyone has benefitted from the pandemic, it has been cyber attackers. As businesses expanded their investment in cloud resources and other IT resources in response to the pandemic, cyberattacks also dramatically increased. Businesses reported 445 million cyberattack incidents in 2020, double the rate for 2019. It didn’t have to be this way. With stronger threat intelligence solutions in place, many of the security incidents of 2020 could likely have been averted.

Spencer Pearlman, Security Researcher at Detectify, presented A Hacker’s Approach to Finding Security Bugs in Open Source Software in a partnered webinar with friends at Debricked. Securing modern web applications takes new approaches, and this includes looking at it from a hacker’s perspective. Here are highlights from the presentation on how tech teams can apply the same hacker mindset to discover vulnerabilities in open-source software in their tech stack.