Architecture, Software and Whitepaper - Cyber Security Informer

Hoarding, Debt and Threat Modeling

Adam Shostack

JANUARY 30, 2025

This is why I included interpersonal factors in the Jenga whitepaper.) On the other side is a whiteboard with a software architecture diagram We all have too many tasks, and those where you cant imagine success, or where success seems not worth the price, are ones we want to skip.

Architecture

Architecture Engineering Software

Taming the Wild West of ML: Practical Model Signing with Sigstore

Google Security

APRIL 4, 2025

We have seen remarkable progress leading to weekly launches of various applications which incorporate ML models to perform tasks ranging from customer support, software development, and even performing security critical tasks. With the advent of LLMs, the ML field has entered an era of rapid evolution.

Risk

Risk Software Architecture

Safety and Security in Automated Driving

Adam Shostack

JULY 8, 2019

“ Safety First For Automated Driving ” is a big, over-arching whitepaper from a dozen automotive manufacturers and suppliers. I also like Figure 27 & 28 (shown), showing risks associated with a generic architecture.

Risk

Risk Architecture Manufacturing Cybersecurity

Securing tomorrow's software: the need for memory safety standards

Google Security

FEBRUARY 25, 2025

Technologies like ARM's Memory Tagging Extension (MTE) and the Capability Hardware Enhanced RISC Instructions (CHERI) architecture offer a complementary defense, particularly for existing code. This encourages innovation and allows software and hardware manufacturers to adopt the best solutions as they emerge.

Software

Software Technology Government Architecture

MITRE ATT&CK: The Magic of Application Mitigations

Cisco Security

MARCH 17, 2021

Today’s application architectures support fast, continuous innovation. Back end architectures use small, independent code modules called microservices. Clearly today’s application architectures use a lot of components, making them more complex, but the benefits run deep. They were simpler, sure, but so are horse-drawn carriages.

Architecture

Architecture Software Digital transformation Risk

A Spectre proof-of-concept for a Spectre-proof web

Google Security

MARCH 12, 2021

We've confirmed that this proof-of-concept, or its variants, function across a variety of operating systems, processor architectures, and hardware generations. In 2019, the team responsible for V8, Chrome’s JavaScript engine, published a blog post and whitepaper concluding that such attacks can’t be reliably mitigated at the software level.

Engineering

Engineering Architecture Software Firmware

Qualities of a Highly Available Cloud

McAfee

NOVEMBER 16, 2021

Instead, the best of breed functionality was purposefully reconstructed for SSE, using a microservices architecture that can scale elastically, and built on a platform-neutral stack that can run on bare metal and public cloud, equally effectively. From the start, the architecture was designed with zero trust in mind.

Architecture

Architecture Data privacy Software Engineering

Securing Containers with NIST 800-190 and MVISION CNAPP

McAfee

DECEMBER 9, 2020

Companies have moved quickly to embrace cloud native applications and infrastructure to take advantage of cloud provider systems and to align their design decisions with cloud properties of scalability, resilience, and security first architectures. DevSecOps Software Lifecycle: Referenced in DoD Enterprise DevSecOps Reference Design v1.0

Architecture

Architecture Risk Technology Penetration Testing

10 Lessons Learned from the Top Cyber Threats of 2021

Security Boulevard

JANUARY 10, 2022

We published a whitepaper about Tactics, Techniques, and Procedures (TTPs) and also tools utilized by the DarkSide threat actors. . Improve visibility of your software inventory. Most notably, US-based Colonial Pipeline Company paid 4.4 million USD after its operations were brought to a halt by this ransomware campaign in May 2021.

Cyber threats

Cyber threats Ransomware Risk Architecture

To Achieve Zero Trust Security, Trust The Human Element

Thales Cloud Protection & Licensing

MAY 6, 2021

While NIST has developed a blueprint for Zero Trust - you can read about it in this whitepaper - which can serve as a great start for your journey, organizations need to understand that Zero Trust is above all a mindset. Just like Hercules and the road of Virtue, Zero Trust is a path leading to better security. The answer is a triage step.

Social Engineering

Social Engineering Authentication Passwords Technology

Establishing Security Maturity Through CIS Cyber Defense Framework

McAfee

APRIL 20, 2020

In this blog we set out to see how choosing the correct security controls framework can go a long way in establishing a secure foundation, which then allows Enterprise security designers/decision makers to make more informed solution choices while selecting the controls and vendor architectures.

Architecture

Architecture Risk Data breaches Cyber threats

A Reflection On ForAllSecure's Journey In Bootstrapping Behavior Testing Technology

ForAllSecure

APRIL 3, 2019

Software security is a global challenge that is slated to grow worse. The application attack surface is growing by 111 billion new lines of software code every year, with newly reported zero-day exploits rising from one-per-week in 2015 to one-per-day by 2021, according to the Application Security Report from Cybersecurity Ventures.

Technology

Technology Software Marketing CISO

A Reflection On ForAllSecure's Journey In Bootstrapping Behavior Testing Technology

ForAllSecure

APRIL 3, 2019

Software security is a global challenge that is slated to grow worse. The application attack surface is growing by 111 billion new lines of software code every year, with newly reported zero-day exploits rising from one-per-week in 2015 to one-per-day by 2021, according to the Application Security Report from Cybersecurity Ventures.

Technology

Technology Software Marketing CISO

A REFLECTION ON FORALLSECURE'S JOURNEY IN BOOTSTRAPPING BEHAVIOR TESTING TECHNOLOGY

ForAllSecure

APRIL 3, 2019

Software security is a global challenge that is slated to grow worse. The application attack surface is growing by 111 billion new lines of software code every year, with newly reported zero-day exploits rising from one-per-week in 2015 to one-per-day by 2021, according to the Application Security Report from Cybersecurity Ventures.

Technology

Technology Software Marketing CISO

Cyber Security Informer

Hoarding, Debt and Threat Modeling

Taming the Wild West of ML: Practical Model Signing with Sigstore

Trending Sources

Safety and Security in Automated Driving

Securing tomorrow's software: the need for memory safety standards

MITRE ATT&CK: The Magic of Application Mitigations

A Spectre proof-of-concept for a Spectre-proof web

Qualities of a Highly Available Cloud

Securing Containers with NIST 800-190 and MVISION CNAPP

10 Lessons Learned from the Top Cyber Threats of 2021

To Achieve Zero Trust Security, Trust The Human Element

Establishing Security Maturity Through CIS Cyber Defense Framework

A Reflection On ForAllSecure's Journey In Bootstrapping Behavior Testing Technology

A Reflection On ForAllSecure's Journey In Bootstrapping Behavior Testing Technology

A REFLECTION ON FORALLSECURE'S JOURNEY IN BOOTSTRAPPING BEHAVIOR TESTING TECHNOLOGY

Stay Connected