Companies list governance, risk, and compliance (GRC) as a top priority, but “doing GRC” isn’t easy. It takes time, effort and a strategy – and starting is usually the hardest part. So, in the first of our Back to Basics blogs, we’re going to focus on where every compliance and risk practitioner should start when building a GRC program: selecting the compliance frameworks which will form the foundation of your GRC program…

“What happened?” If you’ve never uttered those words, this blog isn’t for you. For those of us in cybersecurity, this pint-sized phrase triggers memories of unforeseen security incidents and long email threads with the CISO. What happened to those security patches? Why didn’t we prevent that intrusion? Organizations tend to lean towards protecting their borders and less towards understanding the importance of overall security hygiene.

This article is the first in our series on the Science Behind Cyber Security. Cyber security is often seen as a bit like the wild west, where it’s difficult to differentiate genuine solutions from snake oil. You can counter this by applying a scientific approach to scrutinise your planned cyber investments. As a buyer, you can find reassurance in the science and logic of a solution.

5G is already transforming and enhancing mobile connectivity. With its high speeds and low latency, almost all businesses and industries are now in the position to digitize applications and services they couldn’t dream of not long ago. With 5G networks, billions of devices and IoT (the internet of things) are interconnectible — leading to use cases like smart cities, AR/VR on mobile networks, remote medicine and much more. The potential is practically unlimited.

Modern organizations rely heavily on software and systems. Secure coding standards are significant, as they give some assurance that software installed on the organization’s system is protected from security flaws. These security standards, when used correctly, can avoid, identify, and remove loopholes that might jeopardize software integrity. Furthermore, whether developing software for portable gadgets, desktop systems, or servers, secure coding is critical for modern software development.

It’s been a great year so far for the Open Policy Agent (OPA) project and community. OPA achieved graduated status in the Cloud Native Computing Foundation (CNCF) in February and is quickly nearing 100 million downloads! With all this growth, we were excited to see the results of the second annual Open Policy Agent user survey. As I mentioned in my post on the Open Policy Agent blog, we survey the community to help better steer the project's long-term roadmap in the right direction.

The SANS 2021 Automation and Integration Survey is now available for download, focusing on the question: First we walked, now we run – but should we? Let’s face it, we’ve talked about security automation for years. We’ve grappled with what, when and how to automate. We’ve debated the human vs machine topic.

Python has been deemed as a “simple” language — easy to use and easy to develop scripts to do numerous tasks — from web scraping to automation to building large-scale web applications and even performing data science. However, dependencies are managed quite differently in Python than in other languages, and the myriad options of setting up an environment and package managers only add to the confusion.

Detectify collaborates with Crowdsource, our private network of ethical hackers to help our customers access the latest critical security research and secure their web apps. With a hot hack summer, we saw a lot of devastating breaches which casted a negative view onto hackers as criminals. At Detectify, we believe that hackers are our allies.