David Lindner, Director, Application Security

AppSec Observer

Insight No. 1 — Prioritize proof over promises in agentic AI SC World recently noted that there were three points missing from agentic AI conversations at RSAC. I agree. Many new technologies arrive with significant fanfare. Agentic AI is no exception. However, we must prioritize practical validation over promises. Without ... Read More

Insight No. 1 — Security vendor alert Regarding the open letter that hit a nerve at RSAC this year for calling out lack of reliability, accountability and transparency on the part of some security vendors, consider this: A security vendor that profits from providing the very data needed to detect ... Read More

Insight No. 1 — Echoes of aspiration, shadows of history for SWFT The Software Fast Track (SWFT) proposal for DoD echoes the aspirations of Memorandum M-24-15 from 2024, yet history suggests a repeat outcome. The reluctance of federal entities to conduct independent audits, even after policy shifts, wasn't due to ... Read More

Insight No. 1 — Know which vulnerabilities are active in production Consider this: your pre-production scans might flag hundreds of vulnerabilities, but which ones are actually being exploited in your live environment? The uncomfortable truth is that without visibility into your production runtime, you're operating in the dark, potentially focusing ... Read More

Insight No. 1 — Fast code, slow security? Think ADR Consider the scenario: Development teams are pushing code at unprecedented speeds, and vulnerabilities, whether human or AI-generated, are lingering far too long. What's the logical outcome? Increased exploitation in your production environment. The strategic imperative is clear: We must implement ... Read More

Insight No. 1 — CVE program’s near-death exposes security's single point of failure The recent near-halt of the CVE program due to funding issues highlights a critical vulnerability in our industry's reliance on single points of failure. While CISA's extension averted immediate crisis, it exposed the potential for security's foundational ... Read More

Insight No. 1 — How to survive without CISA As CISA scales back, it’s time for enterprises to wake up to a harsh reality: You can’t rely on the government to secure your infrastructure. The safety net is shrinking, and those still waiting for public-sector handholding are falling behind. Smart ... Read More

Insight No. 1 — Cyber calm: Lead like a Zen master, fight like a ninja Remaining calm is a cornerstone of effective leadership during a cyberattack. Staying composed under pressure not only helps you manage the crisis but also shapes how your team and stakeholders respond. A calm demeanor fosters ... Read More

Insight No. 1 — Phishing 2.0: Time to throttle your old password With phishing attacks growing more sophisticated — using AI, QR codes and hijacked emails — take action by enabling multifactor authentication (MFA) and updating passwords frequently. Always verify sensitive requests, even from familiar sources, and approach QR codes ... Read More

Insight No. 1 — Cheaping out on cybersecurity & dental hygiene both lead to pain & cost When it comes to security budget cuts, not all choices are equal: Some can leave your organization wide open to attacks. Skimping on staff training and technology upgrades might seem like an easy ... Read More