Parisa Tabriz, head of Chrome security and leader of Project Zero, describes Google’s leadership approach in Internet security as a combination of muscle and joint efforts.
Software updates and security patches for critical-infrastructure systems like those of hospitals, 911 dispatchers, and power plants aren’t easy or cheap. But there’s no excuse, experts say, for neglecting them.
When consumer-facing companies don’t take reports of data leaks seriously, customers become exposed to financial fraud and identity theft, as in the recent Panera Bread incident.
Security researchers at Recorded Future say China goes to great lengths to obscure truths in its software vulnerability disclosures, in part to conceal the inner workings of its own cyberattacks.
The CCleaner hack shows that even utilities can be used to hack unsuspecting targets. Software vendors need to verify that the software they distribute is secure, experts say, scrutinizing it from acquisition through routine updates.
While experts acknowledge that pacemaker hacks aren’t likely, the risk underscores a need for better communication among security researchers, doctors, the FDA, and medical-device manufacturers.
Organizations don’t necessarily need to pay for zero-days, experts say. First, they need to set up vulnerability disclosure channels and establish reasonable response times.
The three-section order, which builds largely on initiatives the Obama administration set in motion, outlines federal guidance to “create more cohesion and consolidation between agencies.”
At hacking contests like Pwn2Own, individual hackers can shine. Participating companies, meanwhile, can find and recruit badly needed talent, as they build hacker-friendly reputations.
Revision proposals for the international agreement to control weapons exports aim to address language that could have severe consequences for security researchers.
From a plea for an “NIH for cyber” to a plan for “software supply chain transparency,” Black Hat and DefCon insiders say it’s time for the U.S. government to ensure software safety.
In the 30 years since President Reagan signed the Computer Fraud and Abuse Act into law, it’s been the subject of heated controversy and undergone many alterations. What’s next?