A cybersecurity leader with over 20 years of experience in the field, Michael Gregg will focus on end point protection, risk management and more as the State of North Dakota's new Chief Information Security Officer (CISO).
The new bill, the DHS Software Supply Chain Risk Management Act of 2021 (H.R. 4611), will secure the supply chains involved in Department of Homeland Security software contracts by requiring a new certification.
Oftentimes, security leaders and organizations need more clarification about the types of cybersecurity assessment services. Let's look at the goal of each service, its scope and the methodology used.
In a new study that surveyed enterprises with 3,000 or more employees, 60% of respondents are concerned pentesting gives them limited coverage or leaves them with too many blind spots.
The Pentagon’s Cyber Crime Center and bug bounty vendor HackerOne have launched the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP), an effort to share vulnerability data and boost digital hygiene within the defense industrial base. According to HackerOne, any information submitted to the DIB-VDP under this program will be used for defensive purposes – to mitigate or remediate vulnerabilities in DoD contractor information systems, networks, or applications.
Meet Ali Golshan, CTO and co-founder at StackRox, a Mountain View, Calif.-based leader in security for containers and Kubernetes. Prior to StackRox, he was the Founder & CTO of Cyphort (acquired by Juniper Networks) and led the company's product strategy and research initiatives. Previously, he worked as a security researcher and engineer at Microsoft and PwC. His career started in government, conducting security and vulnerability research for the intelligence community. Here, we talk to Golshan about the benefits of DevOps.
The Common Vulnerabilities and Exposures (CVE®) Program announced it is granting authority to the Cybersecurity and Infrastructure Security Agency (CISA) for managing the assignment of CVE Identifiers (IDs) for the CVE Program.
The Cybersecurity and Infrastructure Security Agency (CISA) issued a draft binding operational directive, BOD 20-01, which will require federal civilian executive branch agencies to publish a vulnerability disclosure policy (VDP).
