Secrets end up everywhere, from dev systems to CI/CD pipelines to services, certificates, and cloud environments. Vlad Matsiiako shares some of the tactics that make managing secrets more secure as we discuss the distinctions between secure architectures, good policies, and developer-friendly tools. We've thankfully moved on from forced 90-day user...
We have a top ten list entry for Insecure Design, pledges to CISA's Secure by Design principles, and tons of CVEs that fall into familiar categories of flaws. But what does it mean to have a secure design and how do we get there? There are plenty of secure practices that orgs should implement around supply chains, authentication, and the SDLC. Thos...
The old CAPTCHA method of verifying human website visitors is clunky, inefficient and annoying. Here's how websites can smoothly and seamlessly establish user humanity.
Keyfactor research finds that about 18% of RSA-based digital certificates have flaws ranging from trivial to very serious. A new tool promises to find them.
Quantum computers could arrive any day, yet it'll take years to swap out vulnerable encryption algorithms for "quantum-safe" replacements. Here's why and how to start the transition now.
Noam Krasniansky, the visionary founder of Komposite Blockchain, joins Business Security Weekly to explore Web3's transformative potential. Noam delves into the basics of blockchain technology, Bitcoin and the meteoric rise of Ethereum, and the critical role of decentralized systems in safeguarding brands against counterfeiting—a global issue costi...
Just three months into 2025 and we already have several hundred CVEs for XSS and SQL injection. Appsec has known about these vulns since the late 90s. Common defenses have been known since the early 2000s. Jack Cable talks about CISA's Secure by Design principles and how they're trying to refocus businesses on addressing vuln classes and prioritizi...
Curl and libcurl are everywhere. Not only has the project maintained success for almost three decades now, but it's done that while being written in C. Daniel Stenberg talks about the challenges in dealing with appsec, the design philosophies that keep it secure, and fostering a community to create one of the most recognizable open source projects ...