The DHS is inviting hackers to break into its systems, but there are rules of engagement

The United States Department of Homeland Security (DHS) is inviting security researchers to uncover vulnerabilities and hack into its systems, in an attempt to better protect itself from malicious attacks. The DHS ...

Searching for Bugs in Open Source Code

Let’s dispel the myth first: Open source software isn’t any less secure than closed source software. However, once a vulnerability is found in an open source program, it tends to be much ...
Security Boulevard

Show-Me State Governor Threatens Reporter Who Showed Vulnerability

When the state of Missouri put up a website to allow parents of Missouri schoolchildren to check the credentials of their teachers, the teachers’ names, school affiliations and credentials were visible in ...
Security Boulevard
Finding Sensitive Data Leaks In Code Using ShiftLeft CORE

Getting started with a source code review using ShiftLeft CORE. Performing a source code review is one of the best ways to find security issues in an application. But ...

US Offers Bounty for Tips on State-Sponsored Cybercrime

Last week, the Biden administration announced a ‘new’ Rewards for Justice program offering up to $10 million USD for information relating to those who create and perpetuate ransomware attacks against U.S. infrastructure ...
Security Boulevard
XStream Vulnerabilities — Detection & Mitigation

Looking at RCEs in the XStream Java library and how you can prevent them. Introduction: XStream from ThoughtWorks is a simple library to serialize and deserialize objects in XML and JSON format ...

What the Van Buren Case Means For Security Researchers

The federal computer crime law prohibits “computer trespass.” This includes both “accessing” a computer without authorization, and “exceeding the scope of authorization” to access a computer. If these terms seem vague and ...
Security Boulevard

Katie Moussouris – Coordinated Vulnerability Disclosure and the Problem with Bug Bounty Platforms

TechSpective Podcast Episode 067. Vulnerabilities are everywhere and they will not be going away. That means they need to be researched and discovered and addressed. But, what is the right way to ...

Human and Software Flaws Leave Remote Workers Vulnerable

Last year was challenging for all of us, both as companies and as individuals. We had to adapt to new norms, including the shift to remote work and increased dependence on the ...
Security Boulevard

Bugcrowd Report Shows Marked Increase in Crowdsourced Security

The impact of the novel coronavirus pandemic on how enterprises work—and secure their workers and data—will last for years. And while the long-term ramifications are yet to be known, a recent survey ...
Security Boulevard