Proactive Security of your AWS Cloud

Cloud adoption has increased exponentially over the years. 94% of enterprises use the cloud already. There used to be two main camps of cloud users as below: Cloud users who were skeptical of security of public cloud in the first place. Cloud users who believe that public cloud takes care of all security aspects automatically […]

FOSS vulnerability creep

It is estimated that Free and Open Source Software (FOSS) constitutes nearly 80-90% of any given piece of modern software. All sectors (public/private/tech/non-tech) have heavy reliance on software. It is imperative then to ensure health and security of open source software. Linux Foundation founded the Core Infrastructure Initiative (CII) back in 2014. CII members provided […]

To err is developer (err human), no “secrets” there!

Developers are in a constant race against time to deliver new features and capabilities in software. Things are hastened with philosophies like “release early, release often”. This constant rush means that developers are bound to inadvertently make mistakes along the way. Developers are human after all. Hence, the focus needs to be on having the […]

Security shifts left

RSA recently published “20 Predictions for 2020”. These are spot on and interesting. While these predictions cover the complete security landscape, I would like to draw attention to one specific prediction here, “#5 – Security shifts left”. The basic idea with “security shifts left” is to ensure that DevOps teams perform required steps during CI/CD […]

Avoid vulnerability creep via 3rd party softwares

Earlier last month NIST released a draft copy of CyberSecurity White paper titled “Mitigating the risk of Software Vulnerabilities by adopting a Secure Software Development Framework [SSDF]” for comments. The paper highlights how few software development lifecycle [SDLC] models explicitly address software security in detail and it recommends a core set of high-level secure software […]