Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

It is easy to assume that security tools are effectively configured right out of the box, so to speak. This scenario is all too common and can lead to severe consequences, such as data breaches if an organization implements software solutions with improper security configurations.

It’s the small vines, not the large branches, that trip us up in the forest. Apparently, it’s no different in Healthcare. In November, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Mitigation Guide aimed at the Healthcare and Public Health (HPH) sector.

In order for AppSec and ProdSec teams to stay on top of their growing attack surface, they must understand what parts of their attack surface are being continuously monitored and scanned, such as where, when, what, and how. This can include, but is not limited to.

In the face of economic headwinds, many companies are resorting to layoffs to help weather the storm. A study by Bloomberg News has found that since October 1, 2022 almost half a million employees worldwide across sectors have lost their jobs, with the tech sector accounting for nearly 150,000 of the 473,000 jobs cut. And new research by HackerOne found that in the last 12 months, 39% of companies surveyed have made security headcount cuts, and 40% plan to make then in the next 12 months.

Enjoy highlights from GitGuardian's ethical hacking webinar with a friend from Snyk.

Do you know what percentage of your vendors are at higher risk of ransomware attack? Can you drill-in to see exactly who? Or more importantly, why? Or how effective your vendor program has been in reducing risk to the business over the last 12 months? In the ever-connected world of partners and suppliers, vendors and even more vendors, the line between ‘their risk’ and ‘your risk’ disappeared. And what security and compliance teams need more of is not more data, but insights.

Today, the human factor still plays a role in most cybersecurity incidents. Human error is involved in 74% of data breaches. It’s essential to shift towards designing human-centric controls that promote and facilitate the use of responsible cybersecurity practices among employees.

We're excited to announce that Vanta now supports more than 300 integrations, increasing the level of automation possible in your security and compliance programs. Alongside our pre-built integrations, you can now build your own connections to monitor and secure the custom, homegrown tools your business relies on with Private Integrations. ‍ With additional automation, you can save even more time and resources as you optimize their efforts.

Securing C/C++ applications has been a massive challenge historically. Until today, many organizations using C/C++ have had to rely on a niche, single-language tool that, while decent at finding vulnerabilities, requires code to be compiled before scanning, slows down developers with clunky integrations, and provides vulnerability alerts that do not help developers to remediate the issue.

User credentials are the information required to authenticate a user's identity and grant them access to a system or application. Typically, this includes a username or email address and a password. While a username can be stored as plaintext in a database, sensitive information like email addresses or passwords should not. If a malicious actor gains access to your database where you store this information, you don't want to hand over this information to them easily.