Open source risk goes beyond application security. Legal, operational, and supply chain implications demand a capable solution like Black Duck SCA. Open source can be found in everything; nearly all applications in all industries are composed to some degree of open source. The introduction of more cloud-native applications, more open source usage as a whole, and the creation of more-complex applications mean organizations are facing increasing levels of risk.

In the digital age, organizations and the missions and business processes they support rely on information technology and information systems to achieve their mission and business objectives. Not only is technology used to efficiently enable businesses to carry out operational activities, but it is also the backbone for the United States’ critical infrastructure.

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) Standards are a cybersecurity compliance framework designed to protect utility organizations. Adhering to these guidelines is essential—falling short will leave your environment vulnerable to malicious actors and can result in some hefty fines.

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week we are exploring the concept of supply chain cybersecurity in a time when there is a rising number of third-party cyberattacks.

Now that 2021 is proving to not be the fresh start many hoped for, it’s time to re-examine the security lessons learnt in 2020. As the transformational business challenges of the last 12 months demonstrated, security should always be high on the agenda no matter what your organisation size. After all, as we revealed in our 2021 annual cyber security industry report, hackers don’t care what size or type of business you are – only if you’re an easy target.

Port scanning is the critical element of any cyber risk assessment conducted under infrastructure security or network security domains. It helps to identify all the exposed services on a system or network. Presence of open ports doesn’t indicates importance from attack perspective only; they are equally vital from a defensive front.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Have to say, this article topped my list of cool vulnerabilities this week, nay, a few months I think.

It’s been more than a month since the SolarWinds breach first started dominating security headlines, and we’re still learning new details about the attacks and the organizations affected. Even as the discussion quiets down, it’s easy to imagine we’ll still be looking back and analyzing the full effects of these incidents in much the same way we talk about other seminal breaches and security events from the past 20 years.

In today’s world, speed wins. Just take Amazon for example. You can place an order with the click of a button and have it delivered to your door in under twenty-four hours. Retailers that can’t compete with Amazon’s speed are falling behind. The same level of speed and efficiency is expected with technology. Companies are in a race to deliver new and innovative technology first. But aside from speed, companies are also concerned about the security of their software.

Sometimes it’s hard to convince people that security needs to be part of every software development process. “We passed all our tests,” they might tell you. “Isn’t that good enough?” The problem is that functional testing usually focuses on the happy path—a place where users act rationally, systems behave well, and nobody is attacking your application.