In the business of security, linking performance metrics to strategy has become an accepted best practice. If strategy is the blueprint for building a security operations center (SOC), metrics are the raw materials. But there is a catch: a security organization can easily lose sight of its strategy and instead focus strictly on the metrics that are meant to represent it.

There are multiple ways to store sensitive passwords. And while having choices can be great, in the context of password storage, picking wrong can be a security nightmare. With that in mind, let’s hash out some of your options 🥁🥁.In this article we’ll discuss how you should hash passwords in your Java applications. While you can apply these principles to any ecosystem, we’ll specifically showcase the best way to handle password hashing in Java.

Trading on the stock market has only grown more complex in the past few decades. Thanks to high frequency trading (HFT) and the rise of Big Data in financial markets, it’s impossible for an individual investor, trader or stock analyst to make the right investment decisions quickly enough to react to an increasingly complex market. With traders needing to make investment decisions on-the-spot in seconds, not minutes, it’s unsurprising that they have turned to rule-based automation and AI.

Infrastructure security is something that is important to get right so that attacks can be prevented—or, in the case of a successful attack—damage can be minimized. It is especially important in a Kubernetes environment because, by default, a large number of Kubernetes configurations are not secure. Securing Kubernetes at the infrastructure level requires a combination of host hardening, cluster hardening, and network security.

On March 9, 2022, the Securities and Exchange Commission (SEC) announced proposed rules and amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting. These proposed amendments impact all public companies subject to the reporting requirements of the Security Exchange Act of 1934. To summarize this proposal and learn how to successfully prepare for them, read on.

Following our recent announcement about supporting the open source community, LimaCharlie is excited to share that we have decided to sponsor the IntelOwl project.

Everyday business documents continue to be one of the biggest sources of data leakage. The Facebook leaks and WikiLeaks are prime examples of the damage such breaches can wreak. Even with the best security tools in place users seem to always be able to find a way to circumvent security. Or, as in most cases, accidentally share data with the wrong audience creating a security issue.

Guest Blog by Daniel Parmenvik – CEO of bytesafe.dev For many, Software Bill of Materials (SBOMs) have changed from a manual list of assets for due diligence procedures to become an integral and automated part of software development. The ever increasing appetite for open-source software translates into a need to keep track of software assets (or open-source dependencies) for all applications, at any given point in time.

Every organization has tons of sensitive information stored in the cloud. The unanticipated surge in remote work resulted in an increase in the amount of information stored in the cloud. According to TechJury, 67% of enterprise infrastructure is cloud-based. However, with organizations allowing employees to use both business and personal devices at work, the attack surface has expanded, increasing opportunities for threat actors to target vulnerable devices.