Weekend Reads 111122
User-first security must begin with an understanding of how people use computing technology. We have to ask: What is it that makes users vulnerable to hacking via email, messaging, social media, browsing, file sharing?

How does the industry effectively assess software security, enabling an approved list (allowlist) of software and libraries on distributed systems across multiple industries?

The COVID pandemic pushed a lot of school coursework to the internet, with an increased reliance on true/false and multiple-choice tests that can be taken online and graded quickly and conveniently.

Top chipmakers Nvidia, Intel, ARM, and AMD are providing the hardware hooks for an emerging security concept called confidential computing, which provides layers of trust through hardware and software so customers can be confident that their data is secure.

Rather than ensuring security, the focus across the software development life cycle (SDLC) is beating the competition to market. In fact, innovation is often seen at odds with security — the former believed to be fast-paced and productive, and the latter a roadblock that stifles quick-moving application development.

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect.

Several models have been proposed to the Multi-State Information Sharing and Analysis Center (MS-ISAC) and other ISACs for a role in software assurance for supply chains using the Software Bill of Material (SBOM) information and associated digital signatures.

A lack of precision in our terminology leads to misunderstandings and confusion about the activities we engage in, the information we share, and the expectations we hold.

As has happened with other Web technologies designed for legitimate use, the InterPlanetary File System (IPFS) peer-to-peer network for storing and accessing content in a decentralized fashion has become a potent new weapon for cyberattacks.

Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers.

This fall, Microsoft claimed to have addressed anticompetitive cloud infrastructure complaints from a few smaller cloud services providers in Europe.

The findings suggest a loose but visible alignment between Russian government priorities and activities and ransomware attacks leading up to elections in the six countries.

Meta, formerly Facebook, once seemed an impenetrable fortress, but it’s now showing big cracks.

As a security researcher, common vulnerabilities and exposures (CVEs) are an issue for me — but not for the reason you might think.

That will be one of the reasons crypto has been plummeting for most of this year, but recent events have intensified the sense of crisis.