Having spent the last 10 years or so working with technology on a day-to-day basis, I thought I’d seen a good deal of “Woah, that is cool” moments. These moments range from just discovering modern-day technology (the fact that companies made billions on database software blew my much younger mind for about a week) to more niche discoveries (my first identified SQL Injection vulnerability was a doozie, and I didn’t even know it had a name until two years later!)
I thought the vendor testing angle could be interesting. We had just launched our VAST program so the topic made our marketing folks happy, but also because I think the supply chain analogy can be an interesting lens to view the security industry. We can think about the software supply chain as the vulnerability supply chain.
Nate Silver, the rock star statistician behind the New York Times FiveThirtyEight blog, became an unwilling player in the heated political rhetoric ahead of the Nov. 6 Presidential election. Silver covers politics and other news from the viewpoint of a statistician: putting the rhetoric and the political consultant’s alchemy aside to look at the numbers.
Our new SoSS Feature Supplement report found that 62% of vendor applications fail to comply with enterprise security policies upon first submission. This stat, more than any other in the report, demonstrates the need for an executive-level mandate to secure the software supply chain.
Our latest SoSS release is a feature supplement; these allow us to extend our analysis to a variety of topical areas. This feature supplement focuses on the actual state of vendor application security testing programs currently being implemented by our enterprise customers.
What is Movember?
“Since its humble beginnings in Melbourne, Australia, Movember has grown to become a truly global movement inspiring more than 1.9 Million Mo Bros and Mo Sistas to participate with formal campaigns in Australia, New Zealand, the US, Canada, the UK, South Africa, Ireland, Finland, the Netherlands, Spain, Denmark, Norway, Belgium and the Czech Republic. In addition, Movember is aware of Mo Bros and Mo Sistas supporting the campaign and men’s health cause across the globe..
Tuesday’s Presidential election in the U.S. didn’t result in deadlocked vote counts, hanging chads or court challenges. But all the ingredients were there. First among them: a hackneyed and insecure vote collection system that fails to protect the integrity of votes.
Something unusual happened recently: I found an XSS problem in the web application controlling our security scans.
Let’s set the stage; I started using the Internet before it was called the Internet. I had some informal security training in college and graduate school, but when I started my first job my boss said “I’m going to make you a security expert.” I’ve used that security training, and kept learning more, in the jobs I’ve had in the thirty years since then.
I would like to share with you all the results of my scan and review of the Alexa Top 1,000,000 Sites HTTP response headers as they relate to security. I was mostly curious about which sites were using Content Security Policy (CSP) but ended up becoming more interested in all of the various modern-day security headers that sites specify. The results were pretty impressive and I certainly learned a lot from it.