Security Engineering Archives

bcrypt vs Argon2 vs scrypt vs PBKDF2: A 2026 Decision Framework

Deepak Gupta | June 4, 2026 | Argon2, Authentication, bcrypt, cryptography, Password Hashing, Security Engineering

Most "use bcrypt" posts are from 2014. Argon2 won the Password Hashing Competition in 2015 and nobody updated. Here is the actual 2026 decision framework for picking a password hashing algorithm ...

Deepak Gupta's notebook

Cybersecurity Insights with Contrast CISO David Lindner | 12/20/24

David Lindner, Director, Application Security | December 20, 2024 | ADR, Application Detection and Response (ADR), architecture design, CISO, Cloud platform protection, Cloud Security, Cybersecurity, Data Security, risk assessment, SEC disclosure rules, Security Engineering

Insight No. 1: Forget the hype. Cloud security is a battlefield, and you're woefully unprepared. Let's cut the crap. Everyone's talking about cloud security, but most organizations are still playing catch-up. You ...

AppSec Observer

Ross Anderson

Bruce Schneier | March 31, 2024 | cryptanalysis, cryptography, Cybersecurity, economics of security, Security Conferences, Security Engineering, Uncategorized

Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can’t remember when I first met Ross. Of course it was before 2008, when we created the ...

Schneier on Security

New Report on IoT Security

Bruce Schneier | September 27, 2022 | Cybersecurity, Internet of things, Reports, Security Engineering, Uncategorized

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.” The report examines the regulatory ...

Schneier on Security

Fortinet, platform, SSE NIST DLP Systems and the Solutions They Offer

NIST Sets SSE Framework in Final SP 800-160 Guidance

Nathan Eddy | June 24, 2022 | NIST, Secure Coding Guidelines, Security Engineering, systems engineering

The National Institute of Standards and Technology (NIST) published a final version of updated standards for systems security engineering (SSE) with significant content and design changes, including a renewed emphasis on the ...

Security Boulevard

Manipulating Machine-Learning Systems through the Order of the Training Data

Bruce Schneier | May 25, 2022 | academic papers, machine learning, Security Engineering, Uncategorized

Yet another adversarial ML attack: Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed ...

Schneier on Security

Purdue University’s CERIAS 2021 Security Symposium – Caroline Wong’s ‘Security Industry Context’

Marc Handelman | April 4, 2022 | Blockchain Education, cybersecurity education, Data Security, education, Information Security, Infosec Education, Purdue University CERIAS, security, Security Education, Security Engineering, Security Symposium

Our thanks to Purdue University’s The Center for Education and Research in Information Assurance and Security (CERIAS) for publishing their illuminating security symposiums, seminars, talks, and presentations on the Schools’ YouTube channel ...

Infosecurity.US

Purdue University’s CERIAS 2021 Security Symposium – Ira Winkler’s ‘You Can Stop Stupid: Human Security Engineering’

Marc Handelman | March 31, 2022 | cybersecurity education, education, Infosec Education, Purdue University CERIAS, security, Security Engineering, Security Symposium

Infosecurity.US

The Battle Between Linters, Scanners, and Data Flow Analysis

Katie Horne | July 22, 2021 | AppSec, DAST, SAST, Security Engineering, software engineering

How to balance accuracy and scan times when it comes to application security toolsImage by Gerd Altmann from PixabayWhen it comes to security tools, you’re typically balancing two things: how much time it takes ...

ShiftLeft Blog - Medium

SAST vs. DAST vs. SCA: A Comparison

Katie Horne | July 8, 2021 | AppSec, DAST, SAST, SCA, Security Engineering

Photo by Lukas from PexelsThere are many application security testing (AST) tools on the market. To describe them, we have several acronyms, including SAST, DAST, SCA.But, what do they mean?In this post, we’ll cover the ...

ShiftLeft Blog - Medium

Security Engineering

bcrypt vs Argon2 vs scrypt vs PBKDF2: A 2026 Decision Framework

Cybersecurity Insights with Contrast CISO David Lindner | 12/20/24

Ross Anderson

New Report on IoT Security

NIST Sets SSE Framework in Final SP 800-160 Guidance

Manipulating Machine-Learning Systems through the Order of the Training Data

Purdue University’s CERIAS 2021 Security Symposium – Caroline Wong’s ‘Security Industry Context’

Purdue University’s CERIAS 2021 Security Symposium – Ira Winkler’s ‘You Can Stop Stupid: Human Security Engineering’

The Battle Between Linters, Scanners, and Data Flow Analysis

SAST vs. DAST vs. SCA: A Comparison

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On