Weekend Reads 070320

While the pandemic circling the globe has undermined many critical systems and institutions of our society, I believe it also has the potential to strengthen the resolve of the Internet community to embrace the vision Berners-Lee had more than 50 years ago. We have the opportunity to enter the next major phase of the Internet — the era of trust. —Byron Holland

Driven by growth in the JavaScript, Java, and Python ecosystems, the number of open source software packages more than doubled in 2019, but the number of vulnerabilities fell by 20%, suggesting that developers are weeding out simple vulnerabilities, a new report shows. —Robert Lemos

MANRS began as a collaboration among network operators and internet exchange providers, with Verisign formally becoming a participant in its Network Operator Program in 2017. Since then, with the help of Verisign and other MANRS participants, the initiative has grown to also include content delivery networks (CDN) and cloud providers. —Yong Kim

Insider threats can be accidental or intentional, but the impact of insider breaches remains the same. Negligence at the organization regarding data privacy requirements and compliance can cause catastrophic data loss. To implement effective mitigation measures, employees must be aware of their responsibility towards the usage and sharing of data. With recent changes in data protection and privacy laws, various companies have seen a significant impact on their current security practices and controls. —Ikjot Saini

Security researchers came across a new ransomware family called “CryCryptor” that masqueraded as a Canadian COVID-19 tracing app. —David Bisson

There have been many workshops and training sessions and much in the way of counting the generation of RPKI certificates and Route Origin Attestations in recent months. The data published by the US National Institute of Standards and Technology (NIST) in its RPKI monitor is a good example (https://rpki-monitor.antd.nist.gov). Around 20% of the announced prefix / origin AS pairs have an associated valid ROA. —Geoff Huston, Joao Damas

Each of the FANGAM stocks are investments in incredible companies (germ of truth), and they function better in this virus-infested world (another germ of truth). But at the core, their existence is grounded in the real, not virtual, world. —Vitaliy Katsenelson

AMD this week announced it had exceeded its goal to increase energy efficiency 25-fold by 2020. Called the 25×20 goal, it has been a driving force for the company for most of the last decade and explains why cloud providers like Google have begun to favor AMD processors. —Rob Enderle

Deception tools basically use misdirection, false responses, and other tricks to lure attackers away from legitimate targets and point them to honeypots and other decoy systems designed to trap or distract them from their missions. Deception tools — many of which leverage artificial intelligence (AI) and machine learning (ML) — can help organizations detect intrusions early and provide them with an opportunity to observe an attacker’s tools and tactics. —Jai Vijayan

Foundational controls are basic measures that should ideally form the basis of any organization’s IT security posture. As such, they should constitute the foundation on which an organization bases the rest of its IT security strategy. —Dean Ferrando