How Much Should the Federal Government Worry About Log4j?

There is an old fable that talks about the circle of life on the plains of Africa, where every morning a gazelle wakes up and knows that it must run faster than the lion or it will be eaten. The current Apache Log4j remote code execution (RCE) exploit that is ...

How Does Securing the Software Supply Chain Fit the DoD CIO Zero Trust Architecture?

A major buzzword passed around this year is the term “zero trust.” As with similar phrases that have come before, there are different definitions depending on who you ask and what area of technology they care about. I wanted to talk about what it means in the context of building ...

What is Dependency Confusion and Why Does it Matter in the Federal Sector?

In my years of experience supporting the federal government in different capacities, I have seen the evolution of attack methods match the pace of innovation as our information systems become ever more advanced. No matter the state of the technology, it is always that proverbial “cat and mouse” game where ...