A demand for real consequences: Sonatype's response to CISA's Secure by Design

In the fast-changing fields of cybersecurity and software development, the importance of creating secure software is more crucial than ever. Recently, my colleagues and I at the Open Source Security Foundation (OpenSSF) ...
Cybersecurity Insights with Contrast SVP of Cyber Strategy Tom Kellermann | 12/8

Insight #1 Guard against island hopping. The recent ransomware attack against 60 credit unions was due to the lack of proactive cybersecurity in a managed service provider (MSP). It is high time ...
Cybersecurity Insights with Contrast CISO David Lindner | 10/13

Insight #1 Google is now defaulting to the use of passkeys for authentication. This is a huge step in increasing the strength of the authentication mechanism out of the box for users, ...
How manufacturing best practices can improve open source consumption and software supply chains

The biggest problem facing software organizations today is an inability to track, monitor, and improve the usage of open source software. This isn’t about security alone. From DevOps to DevSecOps, there are ...
Cybersecurity Insights with Contrast CISO David Lindner | 10/6

Insight #1 AI voice cloning is a problem: It’s reportedly taken the top spot in scam trends, particularly targeting seniors. “My voice is my passport” can no longer be a thing. ...
Cybersecurity Insights with Contrast CISO David Lindner | 9/29

Insight #1 For years — since 2018 — the National Institute of Standards and Technology (NIST) has said that password length trumps password complexity requirements. Now LastPass is forcing users into choosing ...
Cybersecurity Insights with Contrast CISO David Lindner | 9/22

Insight #1 There will always be a balance in the psychological acceptability of any security controls put on users. This is especially important when developing a data loss prevention (DLP) strategy for ...
Cybersecurity Insights with Contrast CISO David Lindner | 9/15

Insight #1 Software Bills of Materials (SBOMs) are nothing more than a data point for determining risk. They shouldn’t be treated as gospel ...
Cybersecurity Insights with Contrast CISO David Lindner | 9/1

Insight #1 There will never be an environment that is totally, 100% secure — at least, not one that provides any functionality. With that in mind, examine what security control layers ...