Thursday, February 3, 2022

Threat modeling irl, battling cloud vulnerabilities, the software supply chain

View in browser

February 03, 2022 – Volume 15

The Brief

  • While Docker containers have become an essential technology for microservices and auto-scaling in CI/CD pipelines, they've introduced risks that software teams need to understand better and mitigate. Learn the Best Practices for Docker Container Security for deploying microservices securely.

  • "More than half of connected medical devices and IoT platforms in hospitals operate with a known critical vulnerability." Shifting security left in the development of medical device software could help identify and mitigate vulnerabilities like these. Creating a system-level threat model (as required by the FDA) can mitigate vulnerabilities like these.
  • A $5M grant by Microsoft and Google to the Open Source Security Foundation (OpenSSF) speaks to the critical importance of 3rd-party software risk every enterprise is facing today. The grant will fund a two-part project that aims to scale vulnerability testing of the top 200 projects every year while running automated testing on an additional 10,000 projects.

Happenings

30-Minute Threat Model

While threat modeling is an incredibly useful process, it can also be intimidating. In this webinar, watch a short threat model of a feature in one of our CMD+CTRL applications to see firsthand how threat modeling can benefit your SDLC.
Monday, February 7th at 2:00pm EST

Tuesday, February 8th at 1:00pm EST

Cloud Application Authentication and Access Control Vulnerabilities

Watch as we dive deep into three common vulnerabilities found in the cloud –plus get a live look at the real-world effects of these vulnerabilities using one o four cloud-focused cyber ranges.
Wednesday, February 9th at 1:00pm EST

The Primary Colors of Cybersecurity: Red, Blue and Purple Teams

Teaching dev and operations teams to think both offensively and defensively positions them for improved cybersecurity. Join this talk to hear industry experts explain the tremendous value of using attack and defend tactics.
Friday, February 4th at 1:00pm EST
Friday, February 11th at 1:00pm EST

Defending Against Live MITRE ATT&CKs

See firsthand how attackers can exploit the OWASP Top Ten and other vulnerabilities to break into applications and systems - and learn defensive techniques that can help to immobilize them.
Thursday, February 10th at 1:00pm EST

Insights

2022-02-03-9-in-10

 

Nearly 90% of CISOs surveyed say microservices, containers, and Kubernetes have caused application security blind spots.

Newsletter Insight Icons

 

It's been nearly nine months since the White House released its executive order on improving US cybersecurity. Since then, three-quarters of respondents to a recent survey reported their fiscal 2022 IT security budgets had been increased to meet the requirements.

2022-02-03-300-percent

 

According to a new study, software supply chain attacks more than tripled in 2021 over 2020, highlighting that security training needs to go beyond code.

Have you been enjoying the newsletter? We're a business, too! Let's talk about helping you with solving software security from every angle.

No comments:

Post a Comment

Best of Artemis, week ending July 5th 2026

Catch up on our top stories of the last week ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌...