Fahmida brings over a decade of IT security news reporting along with ten years of network administration and software development to Decipher. Every security story has a human face, and her goal is to bring those stories to light. As the senior managing editor of Decipher, she will focus on ways security can impact how people live, work, and play. She enjoys working on stories that speak to those outside the security industry, highlighting the intersection of security and other technology areas. Over the years, she has seen enough to make her overzealous about her personal threat-model, but she doesn’t hold it against anyone for having a more relaxed worldview.
When GitHub unveiled its Security Alerts scanning feature last November, it was betting that if project owners knew which software components they were using had vulnerabilities, they would update them with patched versions. GitHub said that by Dec. 1, 450,000 vulnerabilities had been resolved, either by removing the dependency entirely or swapping out with a more recent, patched version. That's a little over 10 percent of the vulnerabilities addressed, right off the bat.
Recent advances in artificial intelligence, especially in deep learning and other machine learning approaches, are really exciting for the future of security. In the rush to roll out AI in security technology, it is easy to forget that machine learning is just a tool, and that, like any tool, it is most effective when used by an expert.
Organizations don't have to decide between hiring a CSO/CISO or not having a security leader at all. They can tap the CISO's security expertise by working with a virtual CSO. Gal Shpantzer and Wim Remes talk about the challenges of being an intricate part of the organization's security but still an outsider.
The disclosure this week of several new vulnerabilities in AMD chips--without any technical details--has again raised concerns about the way some researchers choose to deal with vendors on vulnerability research.
It’s easy to talk the security talk, but it isn’t so easy to walk the walk. We learned that the hard way at an IoT security workshop during the 2018 Security Analyst Summit. We were asked to design a security product to protect an average household’s collection of IoT devices.