I recently had a conversation with a CISO at a major automobile manufacturing company who uses a DevSecOps strategy and so I started inquiring about it. What I discovered was a definition of DevOps which was terribly insecure. I later asked around and I discovered this was not a single case; most companies who claim […]
We see them all the time: error messages. They are in our logs, in our monitoring and in our applications. We receive them so often we’ve become immune to them. We even have names for the alerts and errors we ignore, such as known, false or phantom. This is one of the biggest problems with software today. […]
This sounds very strange. Security professionals and users alike are told we need to set up very complex passwords to protect our systems. This has been engrained in us so deeply we rely on it to protect all our most precious information. Current password complexity, however, is completely broken and our reliance on it is […]