David Lindner, Director, Application Security

AppSec Observer

Insight #1 "AI scams are on the rise. It’s time for extra diligence when interacting with anything claiming to be AI."   Insight #2 "FEDRAMP released rev 5 this week. Those of you with a FEDRAMP ATO have 1 year to comply with the new version."   Insight #3 " ... Read More

Insight #1 "An OWASP Top Ten for Generative AI has spawned. This will be fun to follow!"   Insight #2 "It costs more to pay a ransom and recover than it does to not pay a ransom and recover, cyber insurers are starting to notice."   Insight #3 "It’s been ... Read More

Insight #1 " Be extremely careful of ChatGPT lookalikes and fakes as scammers are taking advantage of the buzz and tricking victims into biting."   Insight #2 " There is no need for .zip or .mov top-level domains (TLD) unless you are a malicious actor. These should be removed immediately." ... Read More

Insight #1 "Privacy is becoming a problem for many organizations. In a 2023 report by IAPP, 80% of consumers sometimes or always stop doing business with a company after a breach."   Insight #2 "We need to start treating all data as regulated data and if you collect data for ... Read More

Insight #1 " An HBR  article  was written about boards and cyber security of which I agree. Cyber security is a hot topic in the board room and the discussions typically focus on Protection, aka what tools and processes have we employed to protect the company. However, that discussion should ... Read More

Insight #1 "If we learned anything from RSA, AI is the new buzzword like “Big Data” or “Zero Trust.” One thing that is apparent is if you are not figuring out ways to make your business and security teams more efficient with AI, you are falling behind." Insight #2 "If ... Read More

Insight #1 "Recent research shows that code written with AI assistance is more insecure. It’s time we get in front of this and make sure code written by AI is scrutinized just as code written by humans is."   Insight #2 "Lots of discussion on agent vs agentless cloud workload ... Read More

Insight #1 " AI, AI, AI, it’s going to help everyone including malicious actors. We will see an AI-based attack in 2023."   Insight #2 " June 14th is getting ever so close (timeline for compliance with OMB 22-18), are you ready to start providing security self-attestations and SBOMs for ... Read More

Insight #1 " A malicious browser extension, AF, was detected this past week. AF steals your Gmail contents from an initial spear phishing attack. Delete this extension immediately if you are using it."   Insight #2 " The IRS-authorized website of eFile.com was found to be infected with a malware ... Read More

Insight #1 " Microsoft Security Copilot, a generative AI approach to helping secure your systems was announced this week. This is exciting for all security teams, especially those who are dealing with alert fatigue and constrained resources."   Insight #2 " The proposed US cyber security budget for 2023 is ... Read More