The NSA and CISA have issued five joint bulletins outlining best practices for securing cloud environments, covering identity and access management, key management, encryption, data security, and mitigating risks from managed service providers.
Today, CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Recognizing the critical role package repositories play in securing open source software ecosystems, this framework lays out voluntary security maturity levels for package repositories. This publication supports Objective 1.2 of CISA’s […]
Organizations trying to cope with securing their expanding attack surfaces eventually find themselves at a crossroads: they need to move beyond finding risks to effectively mitigating risk. Making that transition starts with a shift from using “risks found” as the KPI to “risks remediated” as the true measure of success. That change shifts security team […]
Oct 11, 2023The Hacker NewsPassword Security / Data Safety Passwords are at the core of securing access to an organization’s data. However, they also come with security vulnerabilities that stem from their inconvenience. With a growing list of credentials to keep track of, the average end-user can default to shortcuts. Instead of creating a strong […]
Twistlock was founded in 2015 with the idea of securing the nascent cloud native computing environment, a notion you could argue was well ahead of its time. When the company was acquired by Palo Alto Networks in 2019 for $410 million, it turned out that wasn’t the end of the story. The founding group got […]