We've known that social engineering would get AI wings. Now, at the beginning of 2026, we are learning just how high those wings can soar.
The post Cyber Insights 2026: Social Engineering appeared first on SecurityWeek.
China has more than 5,000 cybersecurity companies and all the top 20 firms are working with the government.
The post Cybersecurity Firms React to China’s Reported Software Ban appeared first on SecurityWeek.
Easterly will be leading the world-renowned cybersecurity conference and other RSAC programs.
The post Former CISA Director Jen Easterly Appointed CEO of RSAC appeared first on SecurityWeek.
Next month, the annual Most Inspiring Women in Cyber Awards will take place at The BT Tower, London, celebrating some of the industry’s most inspirational – and oftentimes unsung – women.
Sponsored by Fidelity International, BT, Plexal and Bridewell, and proudly supported by industry-leading diversity groups WiTCH, WiCyS UK&I and Seidea, the 2026 event is set to be bigger than ever. To make sure everyone has had the chance to nominate, we’ve extended the nomination deadline until the 16th January 2026, 5pm GMT.
For now, it’s time to introduce our 2026 judges, who have the exceptionally hard task of picking this year’s top 20 and five ones to watch…
The Gurus spoke to some of our judges about the 2026 awards and what they’re looking for in a good application.
Why are initiatives like this so important?
Initiatives like this matter because visibility changes possibility. Cybersecurity is still an industry where many women don’t see themselves reflected in leadership, technical authority, or decision-making roles. By intentionally spotlighting women who are doing impactful work, we challenge outdated perceptions of who belongs in cyber and what success looks like.
Beyond recognition, these initiatives create role models, momentum, and community. They validate the work women are already doing – often quietly and behind the scenes, and help open doors for others who are earlier in their journeys. Representation is not just symbolic, it is a powerful driver for inclusion, retention, and long-term change in our industry.
Why should people nominate?
People should nominate because inspiration often goes unrecognised unless someone speaks up. So much impactful work in cybersecurity happens behind the scenes. Particularly in governance, risk, privacy, and security leadership, where success often looks like problems prevented, risks mitigated, or the right questions being asked early. This kind of impact does not always attract attention, but it is critical.
A nomination is more than an accolade; it is an act of recognition and encouragement. It tells someone that their work matters, that they are seen, and that their journey can inspire others. Nominating also helps broaden the narrative of cybersecurity by showcasing diverse paths, backgrounds, and contributions that might otherwise go unnoticed.
What makes an ‘inspiring woman’ in cyber in your eyes?
First and foremost, I believe every woman in cybersecurity is inspiring. Simply showing up each day to help make the digital world safer, often in complex, high-pressure environments, is truly heroic.
An inspiring woman in cyber creates impact while lifting others as she progresses. She may be a technical expert, a strategist, a leader, or an educator, but what sets her apart is purpose, resilience, and a commitment to making the space better than she found it. She does not just respond to challenges, she anticipates them, questions the status quo, and contributes to safer, more ethical, and more inclusive digital environments.
She does not need to dominate the room to lead. Her credibility comes from consistency, thoughtfulness, and sound judgement. It also stems from her unwavering commitment to building systems and teams that are secure, resilient, and future-ready. Importantly, she uses her voice, whether in boardrooms, classrooms, or communities to share knowledge, mentor others, and make cybersecurity more accessible and human.
Why are initiatives like this so important?
I often find myself in meetings counting the number of male versus female attendees. Too often, there are only one or two women in the room, surrounded by many more men.
In cyber, many men take for granted that they don’t have to overcome that initial sense of standing out before even contributing to the discussion or holding their ground. While we are making some progress in addressing the gender imbalance, initiatives like this are vital in keeping the spotlight on an issue that still matters deeply. They help encourage more women to put themselves forward, particularly where they may previously have hesitated, and to feel recognised and valued for the outstanding work they do, inspiring others along the way.
Why should people nominate?
Nominations reinforce the value that female talent brings to our field. Diversity of thought, approach and communication is critical in cyber, a discipline that is as much about culture and behaviour as it is about technology.
Recognising and celebrating female talent strengthens that value proposition, especially when nominations come from male colleagues who see first-hand, and rely on, the expertise and impact that women bring to our teams.
What makes an ‘inspiring woman’ in cyber in your eyes?
Being in the minority in any environment can create invisible barriers and perceptions that are difficult to overcome. For me, an inspiring woman in cyber – a male-dominated field – is someone willing to step outside her comfort zone, try new things, take risks, and learn from setbacks.
Standing out in a male-dominated environment requires real courage, and that courage is inspiring in itself. We need more visible role models like this to attract more women into cyber and to show that it is a field where they can thrive, feel valued, and build rewarding careers.
Why are initiatives like this so important?
Initiatives like the ‘Most Inspiring Women in Cyber Awards 2026’ are so important because they shine a light on women who are accomplishing amazing things in an industry that is still largely male-dominated. Recognising these achievements in an inclusive and safe way helps ensure women feel seen, valued, and celebrated for their expertise and impact.
Beyond individual recognition, these initiatives also create visible role models. Seeing women celebrated for their achievements inspires others to enter the field, stay in the industry, and aim higher. It helps challenge outdated stereotypes, builds confidence, and fosters a stronger sense of community and belonging.
Ultimately, celebrating women in cyber isn’t just about awards – It’s about changing culture. It encourages equity, boosts morale, and helps build a more diverse, inclusive, and resilient cybersecurity industry for everyone.
Why should people nominate?
People should nominate because recognition matters! Nominating is a powerful way to celebrate women who are accomplishing amazing things and making a real impact. Remember that a nomination (let alone a win!) can boost confidence, open doors to new opportunities, and remind someone that their work truly matters. Get those entries in!
What makes an ‘inspiring woman’ in cyber in your eyes?
In my eyes, an ‘inspiring woman in cyber’ is someone who brings others with them into the conversation. They lift people up, share knowledge, and create space for others to learn, grow, and feel they belong. They want to leave a positive footprint, not just through their work, but through the way they support and encourage those around them. They are a role model, someone who shows what’s possible and inspires others to follow their own path in cyber with confidence and purpose.
It isn’t about money, job titles, or seniority. It’s about impact. An inspiring woman is thriving in what they do, and you can see that they genuinely love their work. That passion is contagious and motivating to others.
Why are initiatives like this so important?
Initiatives like this are instrumental in recognising and celebrating the achievements of women in cybersecurity, helping to raise their visibility and inspire others. These initiatives encourage diversity, challenge stereotypes, and can empower the women being recognised to stay and advance in the field. By providing networking opportunities and driving positive industry change, initiatives like this can also help to create a more inclusive and innovative cyber sector.
Why should people nominate?
Nominating women in the cyber industry is a meaningful way to recognise and celebrate their expertise, dedication, and achievements. Formal nominations help to bring the contributions of our exceptional women to light, ensuring they receive the appreciation they deserve. This visibility can inspire other women and girls to pursue careers in cybersecurity, which in turn fosters a more diverse and inclusive industry.
What makes an ‘inspiring woman’ in cyber in your eyes?
An inspiring woman in cyber, in my eyes, is someone who demonstrates exceptional skill and dedication to her work while also uplifting and supporting others in the industry. She is passionate about solving complex problems and is eager to learn and adapt in a rapidly changing industry. Beyond her technical abilities, she actively shares her knowledge, mentors others, and advocates for diversity and inclusion. Her resilience in overcoming challenges and her willingness to break new ground make her a role model for both current and future generations in cybersecurity.
Jennifer Cox, Director of Solutions Engineering, EMEA/APAC, at Tines
Why are initiatives like this so important?
Women’s representation in cybersecurity still has a lot of ground to cover, and initiatives like this shine a light on those who are making an impact both technically and culturally. Recognition not only celebrates achievement but also helps change perceptions; it shows the next generation that there’s space for them here, no matter their background or neurotype. When we platform diverse voices, we accelerate innovation and make our industry stronger, more inclusive, and more human.
Why should people nominate?
Nominating someone is a simple but powerful act of allyship and pride. Many brilliant women in cyber are so focused on lifting others up or doing the hard, often invisible work that they rarely stop to celebrate themselves. A nomination says, “I see you, I value what you’re doing, and you’re shaping this industry.” You never know who might need that encouragement to keep going or step into an even bigger role, and for other women just starting their cybersecurity careers visibility of these trailblazers and their capabilities is key.
What makes an ‘inspiring woman’ in cyber in your eyes?
For me, an inspiring woman in cyber is someone who leads with both competence and compassion. She’s technically grounded, but she also uses her voice and position to make space for others; especially those whose stories aren’t often heard. She’s authentic, curious, resilient, and not afraid to challenge the norm. Above all, she shows that success in cybersecurity isn’t about fitting a mould; it’s about rewriting it so more people can belong.
—
You can nominate here.
The post Most Inspiring Women in Cyber 2026: Meet The Judges appeared first on IT Security Guru.
In Formula 1, milliseconds matter… and so does security. Keeper Security has helped Atlassian Williams F1 Team tighten its cyber defences, revealing how the iconic racing team is using KeeperPAM to protect its data, systems and global operations without taking its foot off the accelerator.
Announced on 13 January 2026, a new case study from Keeper Security details how Atlassian Williams F1 Team has overhauled its privileged access strategy using KeeperPAM, a unified, cloud-native Privileged Access Management (PAM) platform built on zero-trust and zero-knowledge principles. With terabytes of sensitive telemetry and performance data generated every race weekend, any breach, whether trackside or back at base, could be race-ending.
Unlike many organisations, Atlassian Williams F1 Team’s infrastructure isn’t parked in one place. It’s constantly on the move, travelling across more than 20 countries each season. From airports and paddocks to garages and headquarters, the team needed cybersecurity that could keep pace with a relentless global schedule without adding friction.
“We travel to more than 20 countries each season, and every week we’re in a new location,” said James Vowles, Team Principal, Atlassian Williams F1 Team. “Our infrastructure isn’t sitting safely in a single building – it’s traveling with us. That means we have to be secure wherever we are, from airports to garages to our HQ at Grove. With Keeper, we can build that fortress around our operations.”
KeeperPAM delivered that protection by putting zero trust at the heart of access control. Through role-based access, privileged session monitoring and automated provisioning, the platform allows Atlassian Williams F1 Team to enforce least privilege while keeping engineers and staff moving at racing speed.
The team has also streamlined operations by funnelling all privileged connections through a single platform, giving security teams better visibility and faster reaction times when something looks off.
“We now have a single platform where all of our connections go through,” said Harry Wilson, former Head of Information Security, Atlassian Williams F1 Team. “We can apply policies, monitor usage and generate alerts when something unexpected happens. Doing that on our server estate was critical to us.”
KeeperPAM brings together enterprise password management, secrets management, privileged session management, endpoint privilege management, secure remote access and dark web monitoring into one cloud-native platform. By replacing legacy tools with a single solution, Keeper Security says organisations gain real-time visibility, automated least-privilege enforcement and AI-driven threat detection, helping them spot threats before they cross the finish line.
For Atlassian Williams F1 Team, flexibility was just as important as control. Engineers occasionally need elevated access, but only when it’s genuinely required and never longer than necessary.
“There are times when employees need local admin rights on a case-by-case basis,” added Wilson. “With Keeper, we can grant that access in real time and remove it automatically, which gives us confidence that privileged access is always controlled and temporary.”
Keeper Security believes modern PAM needs to work quietly in the background, more like a finely tuned race engine than a heavy braking system.
“Modern PAM has to do more than secure credentials. It has to automate provisioning, rotate secrets and eliminate standing privileges – all without burdening IT teams,” said Craig Lurey, CTO and Co-founder, Keeper Security. “That’s why we designed KeeperPAM to replace complexity with automation, freeing organisations like Atlassian Williams F1 Team to focus on what they do best.”
By centralising all credentials within a zero-knowledge environment, Atlassian Williams F1 Team has eliminated plaintext exposure while automating the provisioning and deprovisioning of privileged access. The result is lower operational overhead for IT teams and fewer roadblocks for engineers pushing performance innovation.
With KeeperPAM in place, Atlassian Williams F1 Team can now operate securely on any device, on any network, anywhere in the world. In a sport where marginal gains make all the difference, cybersecurity has become another competitive edge, helping the team stay secure, agile and firmly in the race.
The post Keeper Security puts Atlassian Williams F1 Team in pole position on cybersecurity appeared first on IT Security Guru.
A cyber attack on shared IT systems used by several London councils has resulted in the theft of personal data relating to thousands of residents, raising renewed concerns about the resilience of local government cyber security and the risks posed by interconnected public-sector infrastructure.
Kensington and Chelsea Council confirmed that sensitive personal information was accessed during the incident, which also disrupted services across neighbouring boroughs. The attack prompted swift intervention from the National Cyber Security Centre (NCSC) and the Metropolitan Police, underlining the seriousness of the breach.
Cyber security leaders warn that the incident reflects a broader and accelerating threat to public-sector organisations. Darren Guccione, CEO and co-founder of Keeper Security, noted that this is the second significant cyber incident affecting a UK local authority in less than two months, highlighting how persistently councils are being targeted.
“Councils and other arms of government remain high-value targets for cybercrime because they hold extensive sensitive personal data and operate interconnected, often legacy, systems that are both attractive to attackers and difficult to defend at scale,” Guccione said. He added that the frequency of these attacks suggests adversaries are shifting away from opportunistic intrusion towards sustained and sophisticated campaigns designed to exploit systemic weaknesses and undermine public trust.
The technical characteristics of the attack have also raised alarm among experts. Graeme Stewart, head of public sector at Check Point, said the incident shows “all the signs of a serious intrusion”, citing multiple boroughs being taken offline and internal warnings instructing staff to avoid emails from partner councils.
“That’s classic behaviour when attackers get hold of credentials or move laterally through a shared environment,” Stewart said. “Once they’re inside one part of the network, they can hop through connected systems far faster than most councils can respond.”
Stewart added that the rapid shutdown of services suggests authorities feared escalation into encryption or large-scale data theft. “Councils hold incredibly sensitive material – social-care files, identity documents, housing records. If attackers got near that, the fallout wouldn’t stay local,” he warned.
The incident has also highlighted the risks created by shared and centralised IT platforms across local government. Dray Agha, senior manager of security operations at Huntress, described such environments as a “double-edged sword”.
“While shared systems are efficient, the breach of one council can instantly compromise its partners, crippling essential services for hundreds of thousands of residents,” Agha said. He stressed the need to move beyond purely cost-driven IT strategies and towards segmented, resilient architectures capable of containing attacks before they spread.
For residents affected by the breach, the immediate concern is how their personal information may be misused. Chris Hauk, consumer privacy advocate at Pixel Privacy, urged individuals to remain vigilant for phishing and fraud attempts, while calling on the council to provide tangible support.
“People that have had their data exposed should stay alert for phishing schemes and other scams,” Hauk said. He added that Kensington and Chelsea Council should offer free credit monitoring to affected residents, noting that government bodies frequently expect private-sector organisations to do the same following similar breaches.
Transparency will be critical in limiting long-term harm, according to Paul Bischoff, consumer privacy advocate at Comparitech. He called on the council to clarify what types of personal data were compromised as quickly as possible.
“Until then, victims cannot make informed choices about how to protect their personal information and finances,” Bischoff said. He noted that attackers have already published a proof pack containing sample stolen documents – a common tactic used by ransomware groups to substantiate their claims and apply pressure. “Based on our research into hundreds of ransomware attacks, the vast majority of these claims are legitimate,” he added.
At a policy level, Guccione pointed to the UK Government’s recently launched Cyber Action Plan, which includes more than £210 million in funding and the creation of a new Government Cyber Unit to improve coordination and resilience across public services.
“The plan is a positive development in recognising the cross-government nature of this challenge,” he said, but warned that central initiatives must be matched by action at the organisational level. He urged public-sector bodies to accelerate adoption of identity-centric security models, enforce stronger access controls, segment networks to limit lateral movement and implement continuous monitoring.
“Only by elevating cybersecurity from a technical afterthought to a core governance priority can public services reduce their exposure to increasingly persistent attacks and maintain citizens’ trust in the digital services they rely on,” Guccione said.
As investigations continue, the incident is expected to intensify scrutiny of cyber maturity across UK local authorities, many of which continue to deliver critical digital services under tight budgets and complex operational constraints.
The post London council cyber attack exposes personal data and highlights risks of shared public-sector IT appeared first on IT Security Guru.
Critical thinking and media literacy are now seen as essential skills for young people, yet many schools lack the resources to teach them, according to new research with teachers, commissioned for BBC Bitesize. Over half of teachers say they need more support to help pupils identify misinformation, as teens increasingly struggle to separate fact from fiction online, a challenge linked to rising anxiety levels.
To bridge this gap, BBC Bitesize is launching Solve the Story, a six-part media literacy series designed to equip students, teachers, and schools with practical tools to tackle misinformation and disinformation. Premiering in schools on 5 January 2026, the series forms part of the Bitesize Other Side of the Story initiative and will help teenagers question what they see online, verify sources, spot fakes, and understand how misleading narratives spread.
The roll-out comes amid mounting evidence that young people are struggling to manage the sheer scale and sophistication of online content. According to research commissioned by the BBC involving more than 400 teachers, critical thinking is now considered the single most important skill for young people, yet one in three teachers say it is difficult to teach, citing lack of time, resources and curriculum pressure.
More than half of the teachers who took part in the research said they need more support in helping pupils recognise misinformation, and that media literacy is not covered well enough in the current curriculum. Teachers also warn that students are already “outpacing adults” online, with the rate of digital change widening the skills gap in the classroom. The research also suggests that parents echoed this concern, as many felt their own digital skills were already outdated.
For young people, the effect of misinformation reaches far beyond the classroom as the impact is emotional as well as educational. New findings from this year’s Bitesize Teen Summit with Radio 5 Live, suggests that two thirds of teenagers worry about fake news and online misinformation, causing confusion and contributing to rising levels of stress and anxiety.
Patricia Hidalgo, Director of BBC Children’s and Education said: “In today’s digital landscape, media literacy isn’t a luxury, it’s a necessity. Solve The Story will help schools to equip young people with the critical thinking tools they need to navigate online content confidently, verify what they see, and protect their mental well‑being. This series is a vital next step towards empowering students and supporting educators in tackling misinformation, as we take Other Side of the Story into classrooms.”
Available to schools and on the BBC Bitesize website, Solve the Story uses a six-part mystery series in which characters must apply media literacy skills to uncover the truth, by analysing sources, questioning assumptions, identifying deepfakes, challenging viral claims and spotting bias. Each episode is paired with a “how-to” guide offering clear, practical steps for teachers and resources for classroom use.
Hundreds of schools up and down the country have already signed up to take part in the January launch, signalling strong demand for classroom-ready tools to help pupils navigate online misinformation. The first episode will be shown in schools on 6 January, with new episodes released weekly until the finale event in February.
Solve the Story is the first content series created for us in schools from the Bitesize Other Side of the Story, that was launched in 2021 to help students navigate the online world and be more critical of the information they consume. Bitesize Other Side of the Story provides articles, videos, quizzes and other resources and workshops in secondary schools that to help students be more curious about the news and information they see and share online. It also equips them with the tools to be create content responsibly, stay safe online and avoid scams, be more aware of different types of media, think more critically and become more positive digital citizens.
The BBC commissioner for Solve The Story is Andrew Swanson.
The video content can be found https://www.bbc.co.uk/bitesize/groups/c4gqzw1kxn6tand Other Side of The Story can be found https://www.bbc.co.uk/bitesize/groups/c0rx3447znvt
TEACHER CASE STUDY
Amy, English Teacher, Manchester
“CRIMINALS USE THAT KIND OF MISINFORMATION TO LURE VULNERABLE KIDS IN BY SHOWING THEM A GLAMOROUS LIFESTYLE”
Amy, an English teacher at a secondary school in Manchester, sees first-hand how quickly misinformation online shapes what her students believe. One of the most alarming examples is how many genuinely think glamorous “prison freestyle” videos on social media are accurate depictions of real life.
“They really believe that’s what prison is like,” she says. “The videos make it look easy or exciting. Criminals use that kind of misinformation to lure vulnerable kids in by showing them a glamorous lifestyle and telling them crime can get them there. That’s what scares me the most.”
But the prison clips are just one part of a much bigger issue. Amy says many of her pupils are convinced they’re “too smart” to be tricked by anything online.
“They’ll laugh at obviously fake AI videos and say, ‘that’s so AI’, but underneath that is a belief that they can’t be fooled. If I tell them something isn’t real, they argue back. They think teachers don’t understand technology, and they automatically trust what they see online more than what we tell them.”
She has seen conspiracy theories spill directly into schoolwork.
“We’ve had essays referencing ‘the matrix’ and huge conspiracy theories, because they’ve come from influencers like Andrew Tate. Those opinions really appeal to them because they’re presented as ‘facts’. It’s frightening how quickly those ideas embed.”
Challenging this isn’t always straightforward.
“Teenagers don’t want to believe anything that contradicts what they’ve seen on TikTok or YouTube. Sometimes they push back so hard that it becomes something we pick up with safeguarding, simply because it needs a wider team around it. Mentors and form tutors help us challenge the misinformation as a team.”
Social pressures add another layer.
“Their friendship groups feel like they span the whole internet, so the biggest fear is embarrassment. Anything taken out of context can spread quickly, and at our school the fear of parents seeing them do something they shouldn’t is huge. The consequences feel enormous to them.”
Amy says traditional critical-thinking lessons aren’t enough on their own.
“We teach those skills in English, but once they’re at home, school doesn’t exist. They need practical tools that match the world they’re actually living in.”
That’s why she believes Solve the Story could make a real difference.
“They love short-form content, and this format suits their attention span. If teachers show it to them, it will help them stop and question things instead of just accepting whatever they scroll past. They won’t look for it themselves, so teacher buy-in is essential, but once it’s in front of them, it will click.”
Amy sees media literacy as part of her duty of care.
“Some understand the problem, so they can’t push back on what their children are watching. It falls to us to teach them how to protect themselves. They need these skills more than ever.”
The post BBC Bitesize Launches Media Literacy Series To Help Teens Separate Fact From Fiction Online appeared first on IT Security Guru.
We’re on the edge of something interesting in the industry right now, and it’s the transformation of the modern SOC.
Everyone knows that security operations centres are faced with too much, too hard, and too fast – not to mention too confusing. We know the stats: thanks to the cyber talent crunch, limited resources, and a ton of new attacks (thanks, bots and AI), 40% of alerts get ignored. Even worse, 61% of security teams admit to ignoring alerts that later proved to be critical incidents.
The simple answer is “figure out how to get less alerts.” Check. Reducing noise is key. But once you do, is the problem solved?
No, but you’re on the right track. The next step is where the transformation really takes place, and where the industry is looking to go next. We’ve talked noise reduction, but now, what we need when we’ve only got a few (ish) alerts is to know is which one of those is worth our time? If we can only get to five a day, which ones should we be going after? And what determines what comes next on our roster?
The answer is risk. You need to prioritise those remaining few (hundred) alerts by risk, which is a multifaceted project, then streamline remediations based on which ones present the biggest, most immediate, or most impactful threat.
Reducing noise is a good start, but it’s only that. Here’s where we jump off, and how to build a risk-first alert pipeline that analysts trust. And that will truly have the power to transform the SOC.
Before we jump to the conclusion, let’s orient ourselves and look at where we’ve come from.
Faced with an average of 83 different tools from 29 different vendors, SOCs are forced to wade through deluges of data to find the rare, true positive needle in a haystack.
It doesn’t come easy, and SOCs waste most of their time looking. That’s why it’s so important to, before anything else can get better, cut the noise. Prophet Security, an AI SOC Platform company, does a great job of explaining the process of reducing alert fatigue, but then adds this insightful conclusion: “Do not chase volume alone. Reducing alert count without measuring risk impact creates blind spots.”
And this is the jumping off point. Having fewer alerts is, well, good. But those still have to be actioned on and someone has to decide which comes first. Typically, SOCs make that decision based on severity scores. It’s the way the industry does things, it’s the way we’ve always done things.
But these days, security no longer exists in a vacuum and “how big a deal” a certain exposure is really doesn’t matter if it isn’t a big deal to the business. Today, all security priorities are intrinsically tied to business objectives – it’s about time! – which means that the alerts that represent the biggest overall business risk are the ones that need to be taken care of first.
So, how do you do that?
We’ve carried the ball halfway down the court, and now it’s time to sink it in. To really help SOCs out, any sort of automated SOC tool needs to do more than cut down on noise. It needs to tell you what to do with the alerts that are left, and tie those decisions transparently to:
Looking at these other angles shows why simple severity scores won’t cut it. They say nothing of the context around the exposure; what it’s putting at risk, how real that risk might be, the impact if that risk becomes a real threat or gets exploited.
All these things need to be taken into account by your automated SOC tool if it’s going to do more than give you more puzzles to solve. SOCs have enough on their plates; these types of answers should come standard.
So, what’s the technology that can get it done?
When looking for the right AI SOC platform, it needs to be one that will do this sort of math for you, not take out a bunch of alerts, hand you the rest, and say “good luck.”
That’s why you want one with a modern, risk-first alert pipeline. This sounds like a bunch of security-ish buzzwords strung together with hyphens, but it’s really where the magic takes place.
But first, does AI help? In 2025, you don’t have to ask. Yes, artificial intelligence helps in this whole process. Like with most technologies, applying AI, generative AI, machine learning, agentic AI, natural language processing, and everything AI can move the needle significantly; but only when used in the right way.
Here’s what a risk-first alert pipeline looks like in action:
The result is that you get your alerts not only thinned out, but organised by order of importance to the business, not an arbitrary security scoring chart. Don’t misunderstand; severity needs to be factored in, too. It just can’t be the only factor.
With a risk-first alert model, SOCs can place their limited resources where it counts, instead of chasing down alerts that may not have been the best use of company time.
This means that security teams look really good when presenting to boards at the end of the year, and that non-security board members can immediately grasp why SOCs did what they did, how that positively impacted the business, and where their money was going.
And, most importantly, be happy with it.
The post From noise to signal: Building a risk-first alert pipeline that analysts trust appeared first on IT Security Guru.
As Santa starts his travels, experts are warning that his arrival could bring with it a range of cyber risks, from scams to insecure gadgets.
Whilst Santa prefers to deliver via chimney, most cybercriminals are looking for backdoors. In some cases, hackers prefer to deliver malicious communications via email. Worryingly, in 2025, scams are not just more common, they’re often harder to spot. Earlier this month, researchers from the team at Check Point detected 33,502 Christmas-themed phishing emails in the first two weeks of December, along with more than 10,000 fake advertisements being created daily on social media channels. Many mimic festive promotions, while others push fake Walmart or Home Depot deals, fraudulent charity appeals, and urgent delivery notices.
Why is this time of year so popular for cybercriminals? Ian Porteous, Regional Director, Security Engineering, UK & Ireland at Check Point Software, notes that “Cybercriminals love Christmas just as much as shoppers do, but for all the wrong reasons. This time of year, people are more exposed due to the sheer volume of digital interactions – shopping online, sending e-cards, and grabbing festive deals. That makes it the perfect opportunity for scammers.”
Which other types of attacks should consumers look out for?
Javvad Malik, Lead CISO Advisor at KnowBe4, highlighted a range of common festive scams that consumers should be alert to during the Christmas period. He warned that these include “fake courier messages – like texts from Royal Mail, DPD, Evri etc”, often claiming “we tried and failed to deliver” or asking recipients to “pay a small fee to release it”. Malik also pointed to deals that are too good to be true, such as “ridiculous savings, 90% off named brands”, as well as gift card scams and urgent favour requests, typically appearing as “a WhatsApp or email from your boss or family member usually”. Other tactics include charity scams involving “fake charities trying to pull at heartstrings during the season of giving”, fraudulent shopping emails claiming “your payment failed” or that “your Black Friday order couldn’t be processed”, and holiday job or side hustle offers that require victims to “pay an upfront fee for training or admin”, which in some cases can result in individuals unknowingly becoming money mules.
Many of us will hope to unwrap a new gadget tomorrow morning, but Anne Cutler, cybersecurity expert at Keeper Security, is warning that these gifts can come with hidden risks if left unsecured. “As smart, AI-enabled gadgets become some of the most popular gifts this holiday season, families are unknowingly expanding their digital attack surface,” she said. “From connected toys and wearables to voice assistants and home cameras, many of these devices are effectively small computers with microphones, sensors and constant internet access. To make matters worse, they are usually sold with minimal security settings as the default.”
Cutler warned that “the most common mistake families make is trusting default passwords and factory settings”, something cybercriminals actively exploit by scanning for unsecured devices. She added that while these products can appear harmless, “from behavioural tracking to hidden software vulnerabilities, these modern devices can seem harmless, but in actuality they can pose genuine threats to the privacy and security of families”.
Parents are being encouraged to review privacy and safety settings before children begin using new devices, including disabling unnecessary access to cameras or microphones and limiting data sharing, particularly where interactions may be used for “model improvement”. Experts also caution that AI-enabled toys introduce additional risks because they can behave unpredictably, with concerns ranging from “hallucinations or unsafe responses” to data leakage and breach-related cyber attacks, where stolen recordings, images or videos could be used for phishing, voice impersonation or deepfake content.
Cutler concluded: “Connected devices are now a permanent part of family life, and they should be treated with the same care as any other internet-facing system. By staying informed and vigilant, families can enjoy the holiday season with confidence, while balancing the fun of new tech with a secure and privacy-conscious digital home.”
“Digital security at Christmas starts with prevention,” adds Ian Porteous from Check Point. “Staying alert and cautious online can make all the difference – protecting your personal information and ensuring a stress-free festive season.”
Javvad Malik from KnowBe4, urges consumers to ask the following questions before taking action:
The post Cyber Experts Warn of Increased Consumer Scams This Festive Season appeared first on IT Security Guru.
DUBLIN—September 13, 2022—The Linux Foundation, a global nonprofit organization enabling innovation through open source, today announced the intention to form the OpenWallet Foundation (OWF), a new collaborative effort to develop open source software to support interoperability for a wide range of wallet use cases. The initiative already benefits from strong support including leading companies across technology, public sector, and industry vertical segments, and standardization organizations.
The mission of the OWF is to develop a secure, multi-purpose open source engine anyone can use to build interoperable wallets. The OWF aims to set best practices for digital wallet technology through collaboration on open source code for use as a starting point for anyone who strives to build interoperable, secure, and privacy-protecting wallets.
The OWF does not intend to publish a wallet itself, nor offer credentials or create any new standards. The community will focus on building an open source software engine that other organizations and companies can leverage to develop their own digital wallets. The wallets will support a wide variety of use cases from identity to payments to digital keys and aim to achieve feature parity with the best available wallets.
Daniel Goldscheider, who started the initiative, said, “With the OpenWallet Foundation we push for a plurality of wallets based on a common core. I couldn’t be happier with the support this initiative has received already and the home it found at the Linux Foundation.”
Linux Foundation Executive Director Jim Zemllin said, “We are convinced that digital wallets will play a critical role for digital societies. Open software is the key to interoperability and security. We are delighted to host the OpenWallet Foundation and excited for its potential.”
OpenWallet Foundation will be featured in a keynote presentation at Open Source Summit Europe on 14 September 2022 at 9:00 AM IST (GMT +1) and a panel at 12:10 PM IST (GMT +1). In order to participate virtually and/or watch the sessions on demand, you can register here.
Pramod Varma, Chief Architect Aadhaar & India Stack, said, “Verifiable credentials are becoming an essential digital empowerment tool for billions of people and small entities. India has been at the forefront of it and is going all out to convert all physical certificates into digitally verifiable credentials via the very successful Digilocker system. I am very excited about the OWF effort to create an interoperable and open source credential wallet engine to supercharge the credentialing infrastructure globally.”
“Universal digital wallet infrastructure will create the ability to carry tokenized identity, money, and objects from place to place in the digital world. Massive business model change is coming, and the winning digital business will be the one that earns trust to directly access the real data in our wallets to create much better digital experiences,” said David Treat, Global Metaverse Continuum Business Group & Blockchain lead, Accenture. “We are excited to be part of the launch and development of an open-source basis for digital wallet infrastructure to help ensure consistency, interoperability, and portability with privacy, security, and inclusiveness at the core by design.”
Drummond Reed, Director of Trust Services at Avast, a brand of NortonLifeLock, said, “We’re on a mission to protect digital freedom for everyone. Digital freedom starts with the services used by the individual and the ability to reclaim their personal information and reestablish trust in digital exchanges. Great end point services start with the core of digital identity wallet technology. We are proud to be a founding supporter of the OpenWallet Foundation because collaboration, interoperability, and open ecosystems are essential to the trusted digital future that we envision.”
“The mobile wallet industry has seen significant advances in the last decade, changing the way people manage and spend their money, and the tasks that these wallets can perform have rapidly expanded. Mobile wallets are turning into digital IDs and a place to store documents whereby the security requirements are further enhanced,” said Taka Kawasaki CoFounder of Authlete Inc. “We understand the importance of standards that ensure interoperability as a member of the OpenID Foundation and in the same way we are excited to work with the Linux Foundation to develop a robust implementation to ensure the highest levels in security.”
“Providing secure identity and validated credential services are key for enabling a high assurance health care service. The OpenWallet Foundation could contribute a key role in promoting the deployment of highly effective secure digital health care systems that benefits the industry,” said Robert Samuel, Executive Director of Technology Research & Innovation, CVS Health.
“Daon provides the digital identity verification/proofing and authentication technology that enables digital trust at scale and on a global basis”, said Conor White, President – Americas at Daon, “Our experience with VeriFLY demonstrated the future importance of digital wallets for consumers and we look forward to supporting the OpenWallet Foundation.”
“We are building and issuing wallets for decentralized identity applications for several years now. Momentum and interest for this area has grown tremendously, far beyond our own community. It is now more important than ever that a unified wallet core embracing open standards is created, with the ambition to become the global standard. The best industry players are pulling together under the OpenWallet Foundation. esatus AG is proud to be among them as experience, expertise, and technology contributor,” said Dr. Andre Kudra, CIO, esatus AG
Kaliya Young, Founder & Principal, Identity Woman in Business, said, “As our lives become more and more digital, it is critical to have strong and interoperable digital wallets that can properly safeguard our digital properties, whether it is our identities, data, or money. We are very excited to see the emergence of the OpenWallet Foundation, particularly its mission to bring key stakeholders together to create a core wallet engine (instead of another wallet) that can empower the actual wallet providers to build better products at lower cost. We look forward to supporting this initiative by leveraging our community resources and knowledge/expertise to develop a truly collaborative movement.”
Masa Mashita, Senior Vice President, Strategic Innovations, JCB Co., Ltd. said, “Wallets for the identity management as well as the payment will be a key function for the future user interface. The concept of OpenWallet will be beneficial for the interoperability among multiple industries and jurisdictions.”
“Secure and open wallets will allow individuals the world over to store, combine and use their credentials in new ways – allowing them to seamlessly assert their identity, manage payments, access services, etc., and empower them with control of their data. This brings together many of our efforts in India around identity, payments, credentials, data empowerment, health, etc. in an open manner, and will empower billions of people around the world,” said Sanjay Jain, Chairman of the Technology Committee of MOSIP.
“The Open Identity Exchange (OIX) welcomes and supports the creation of the OpenWallet Foundation. The creation of open source components that will allow wallet providers to work to standards and trust framework policies in a consistent way is entirely complementary to our own work on open and interoperable Digital Identities. OIX’s Global Interoperability working group is already defining a ‘trust framework policy characteristics methodology,’ as part of our contribution to GAIN. This will allow any trust framework to systematically describe itself to an open wallet, so that a ‘smart wallet’ can seamlessly adapt to the rules of a new framework within which the user wants to assert credentials,” said Nick Mothershaw, Chief Identity Strategist, OIX.
“Okta’s vision is to enable anyone to safely use any technology”, says Randy Nasson, Director of Product Management at Okta. “Digital wallets are emerging as go-to applications for conducting financial transactions, providing identity and vital data, and storing medical information such as vaccination status. Wallets will expand to include other credentials, including professional and academic certifications, membership status, and more. Digital credentials, including their issuance, storage in wallets, and presentation, will impact the way humans authenticate and authorize themselves with digital systems in the coming decade. Okta is excited about the efforts of the OpenWallet Foundation and the Linux Foundation to provide standards-based, open wallet technology for developers and organizations around the world.”
“The OpenID Foundation welcomes the formation of the OpenWallet Foundation and its efforts to create an open-source implementation of open and interoperable technical standards, certification and best practices.” – Nat Sakimura, Chairman, OpenID Foundation.
“We believe the future of online trust and privacy starts with a system for individuals to take control over their digital identity, and interoperability will create broad accessibility,” says Rakesh Thaker, Chief Development Officer at Ping Identity. “We intend to actively participate and contribute to creating common specifications for secure, robust credential wallets to empower people with control over when and with whom they share their personal data.”
Wallet technologies that are open and interoperable are a key factor in enabling citizens to protect their privacy in the digital world. At polypoly – an initiative backed by the first pan-European cooperative for data – we absolutely believe that privacy is a human right! We are already working on open source wallets and are excited to collaborate with others and to contribute to the OpenWallet Foundation,” said Lars Eilebrecht, CISO, polypoly.
“Digital credentials and the wallets that manage them form the trust foundation of a digital society. With the future set to be characterised by a plurality of wallets and underlying standards, broad interoperability is key to delivering seamless digital interactions for citizens. Procivis is proud to support the efforts of the OpenWallet Foundation to build a secure, interoperable, and open wallet engine which enables every individual to retain sovereignty over their digital identities,” Daniel Gasteiger, Chief Executive Officer, Procivis AG.
“It is essential to cross the boundaries between humans, enterprises, and systems to create value in a fully connected world. There is an urgent need for a truly portable, interoperable identity & credentialing backbone for all digital-first processes in government, business, peer-to-peer, smart city systems, and the Metaverse. The OpenWallet Foundation will establish high-quality wallet components that can be assembled into SW solutions unlocking a new universe of next-level digitization, security, and compliance,” said Dr. Carsten Stöcker, CEO Spherity & Chairman of the Supervisory Board IDunion SCE.
“Transmute has long promoted open source standards as the foundation for building evolved solutions that challenge the status quo. Transmute believes any organization should be empowered to create a digital wallet that can securely manage identifiers, credentials, currencies, and payments while complying with regulatory requirements regarding trusted applications and devices. Transmute supports a future of technology that will reflect exactly what OpenWallet Foundation wants to achieve: one that breaks with convention to foster innovation in a secure, interoperable way, benefitting competitive companies, consumers, and developers alike,” said Orie Steele, Co-Founder and CTO of Transmute.
“The Trust Over IP (ToIP) Foundation is proud to support the momentum of an industry-wide open-source engine for digital wallets. We believe this can be a key building block in our mission to establish an open standard trust layer for the Internet. We look forward to our Design Principles and Reference Architecture benefitting this endeavor and collaborating closely with this new Linux Foundation project,” said Judith Fleenor, Director of Strategic Engagement, Trust Over IP Foundation.
For more information about the project and how to participate in this work, please visit: openwallet.foundation.
About the Linux Foundation
Founded in 2000, the Linux Foundation and its projects are supported by more than 3,000 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, PyTorch, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
###
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.
Media Contact:
Dan Whiting
for the Linux Foundation
+1 202-531-9091
dwhiting@linuxfoundation.org
The post Linux Foundation Announces an Intent to Form the OpenWallet Foundation appeared first on Linux Foundation.
PyTorch Foundation to foster an ecosystem of vendor-neutral projects alongside founding members AMD, AWS, Google Cloud, Meta, Microsoft Azure, and NVIDIA
DUBLIN – September 12, 2022 – The Linux Foundation, a global nonprofit organization enabling innovation through open source, today announced PyTorch is moving to the Linux Foundation from Meta where it will live under the newly-formed PyTorch Foundation. Since its release in 2016, over 2400 contributors and 18,0000 organizations have adopted the PyTorch machine learning framework for use in academic research and production environments. The Linux Foundation will work with project maintainers, its developer community, and initial founding members of PyTorch to support the ecosystem at its new home.
Projects like PyTorch—that have the potential to become a foundational platform for critical technology—benefit from a neutral home. As part of the Linux Foundation, PyTorch and its community will benefit from many programs and support infrastructure like training and certification programs, research, and local to global events. Working inside and alongside the Linux Foundation, PyTorch will have access to the LFX collaboration portal—enabling mentorships and helping the PyTorch community identify future leaders, find potential hires, and observe shared project dynamics.
“Growth around AI/ML and Deep Learning has been nothing short of extraordinary—and the community embrace of PyTorch has led to it becoming one of the five-fastest growing open source software projects in the world,” said Jim Zemlin, executive director for the Linux Foundation. “Bringing PyTorch to the Linux Foundation where its global community will continue to thrive is a true honor. We are grateful to the team at Meta—where PyTorch was incubated and grown into a massive ecosystem—for trusting the Linux Foundation with this crucial effort.”
“Some AI news: we’re moving PyTorch, the open source AI framework led by Meta researchers, to become a project governed under the Linux Foundation. PyTorch has become one of the leading AI platforms with more than 150,000 projects on GitHub built on the framework. The new PyTorch Foundation board will include many of the AI leaders who’ve helped get the community where it is today, including Meta and our partners at AMD, Amazon, Google, Microsoft, and NVIDIA. I’m excited to keep building the PyTorch community and advancing AI research,” said Mark Zuckerberg, Founder & CEO, Meta.
The Linux Foundation has named Dr. Ibrahim Haddad, its Vice President of Strategic Programs, as the Executive Director of the PyTorch Foundation. The PyTorch Foundation will support a strong member ecosystem with a diverse governing board including founding members: AMD, Amazon Web Services (AWS), Google Cloud, Meta, Microsoft Azure and NVIDIA. The project will promote continued advancement of the PyTorch ecosystem through its thriving maintainer and contributor communities. The PyTorch Foundation will ensure the transparency and governance required of such critical open source projects, while also continuing to support its unprecedented growth.
Member Quotes
AMD
“Open software is critical to advancing HPC, AI and ML research, and we’re ready to bring our experience with open software platforms and innovation to the PyTorch Foundation,” said Brad McCredie, corporate vice president, Data Center and Accelerated Processing, AMD. “AMD Instinct accelerators and ROCm software power important HPC and ML sites around the world, from exascale supercomputers at research labs to major cloud deployments showcasing the convergence of HPC and AI/ML. Together with other foundation members, we will support the acceleration of science and research that can make a dramatic impact on the world.”
Amazon Web Services
“AWS is committed to democratizing data science and machine learning, and PyTorch is a foundational open source tool that furthers that goal,” said Brian Granger, senior principal technologist at AWS. “The creation of the PyTorch Foundation is a significant step forward for the PyTorch community. Working alongside The Linux Foundation and other foundation members, we will continue to help build and grow PyTorch to deliver more value to our customers and the PyTorch community at large.”
Google Cloud
“At Google Cloud we’re committed to meeting our customers where they are in their digital transformation journey and that means ensuring they have the power of choice,” said Andrew Moore, vice president and general manager of Google Cloud AI and industry solutions. “We’re participating in the PyTorch Foundation to further demonstrate our commitment of choice in ML development. We look forward to working closely on its mission to drive adoption of AI tooling by building an ecosystem of open source projects with PyTorch along with our continued investment in JAX and Tensorflow.”
Microsoft Azure
“We’re honored to participate in the PyTorch Foundation and partner with industry leaders to make open source innovation with PyTorch accessible to everyone,” Eric Boyd, CVP, AI Platform, Microsoft, said. “Over the years, Microsoft has invested heavily to create an optimized environment for our customers to create, train and deploy their PyTorch workloads on Azure. Microsoft products and services run on trust, and we’re committed to continuing to deliver innovation that fosters a healthy open source ecosystem that developers love to use. We look forward to helping the global AI community evolve, expand and thrive by providing technical direction based on our latest AI technologies and research.”
NVIDIA
“PyTorch was developed from the beginning as an open source framework with first-class support on NVIDIA Accelerated Computing”, said Ian Buck, General Manager and Vice President of Accelerated Computing at NVIDIA. “NVIDIA is excited to be an originating member of the PyTorch Foundation to encourage community adoption and to ensure using PyTorch on the NVIDIA AI platform delivers excellent performance with the best experience possible.”
Additional Resources:
About the Linux Foundation
Founded in 2000, the Linux Foundation and its projects are supported by more than 3,000 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, PyTorch, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
###
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.
Media Contact
Dan Whiting
for the Linux Foundation
202-531-9091
dwhiting@linuxfoundation.org
The post Meta Transitions PyTorch to the Linux Foundation, Further Accelerating AI/ML Open Source Collaboration appeared first on Linux Foundation.
Because of my position as Executive Producer and host of The Untold Stories of Open Source, I frequently get asked, “What podcasts do you listen to when you’re not producing your own.” Interesting question. However, my personal preference, This American Life, is more about how they create their shows, how they use sound and music to supplement the narration, and just in general, how Ira Glass does what he does. Only podcast geeks would be interested in that, so I reached out to my friends in the tech industry to ask them what THEY listen to.
The most surprising thing I learned was people professing to not listen to podcasts. “I don’t listen to podcasts, but if I had to choose one…”, kept popping up. The second thing was people in the industry need a break and use podcasts to escape from the mayhem of their day. I like the way Jennifer says it best, “Since much of my role is getting developers on board with security actions, I gravitate toward more psychology based podcasts – Adam Grant’s is amazing (it’s called WorkLife).”
Now that I think of it, same here. This American Life. Revisionist History. Radio Lab. The Moth. You get the picture. Escaping from the mayhem of the day.
Without further digression, here are the podcasts recommended by the people I trust, no particular order. No favoritism.
Hosted by Mike Jones and Mike LeBlanc
Mike Jones and Mike LeBlanc built the H4unt3d Hacker podcast and group from a really grass roots point of view. The idea was spawned over a glass of bourbon on the top of a mountain. The group consists of members from around the globe and from various walks of life, religions, backgrounds and is all inclusive. They pride themselves in giving back and helping people understand the cybersecurity industry and navigate through the various challenges one faces when they decide cybersecurity is where they belong.
“I think he strikes a great balance between newbie/expert, current events and all purpose security and it has a nice vibe” – Alan Shimel, CEO, Founder, TechStrong Group
Hosted by Patrick Gray
Published weekly, the Risky Business podcast features news and in-depth commentary from security industry luminaries. Hosted by award-winning journalist Patrick Gray, Risky Business has become a must-listen digest for information security professionals. We are also known to publish blog posts from time to time.
“My single listen-every-week-when-it-comes out is not that revolutionary: the classic Risky Biz security podcast. As a defender, I learn from the offense perspective, and they also aren’t shy about touching on the policy side.” – Allan Friedman, Cybersecurity and Infrastructure Security Agency
Hosted by Mike Shema, Matt Alderman, and John Kinsella
If you’re looking to understand DevOps, application security, or cloud security, then Application Security Weekly is your show! Mike, Matt, and John decrypt application development – exploring how to inject security into the organization’s Software Development Lifecycle (SDLC); learn the tools, techniques, and processes necessary to move at the speed of DevOps, and cover the latest application security news.
“Easily my favorite hosts and content. Professional production, big personality host, and deeply technical co-host. Combined with great topics and guests.” – Larry Maccherone, Dev[Sec]Ops Transformation Architect, Contrast Security
Hosted by Jeffrey Palermo
The Azure DevOps Podcast is a show for developers and devops professionals shipping software using Microsoft technologies. Each show brings you hard-hitting interviews with industry experts innovating better methods and sharing success stories. Listen in to learn how to increase quality, ship quickly, and operate well.
“I am pretty focused on Microsoft Azure these days so on my list is Azure DevOps” – Bob Aiello CM Best Practices Founder, CTO, and Principal Consultant
Hosted by Community of Chaos Engineering Practitioners
We are a community of chaos engineering practitioners. Chaos Engineering is the discipline of experimenting on a system in order to build confidence in the system’s capability to withstand turbulent conditions in production.
“This is so good, it’s hardly even fair to compare it to other podcasts!” – Casey Rosenthal, CEO, Co-founder, Verica
Hosted by Allison Gill (A.G.)
The Daily Beans is a women-owned and operated progressive news podcast for your morning commute brought to you by the webby award-winning hosts of Mueller, She Wrote. Get your social justice and political news with just the right amount of snark.
“The Daily Beans covers political news without hype. The host is a lawyer and restricts her coverage to what can actually happen while other outlets are hyping every possibility under the sun including possibilities that get good ratings but will never happen. She mostly covers the former president’s criminal cases.” – Tom Limoncelli, Manager, Stack Overflow
Hosted by Community of Various Contributors
Software Engineering Radio is a podcast targeted at the professional software developer. The goal is to be a lasting educational resource, not a newscast. Now a weekly show, we talk to experts from throughout the software engineering world about the full range of topics that matter to professional developers. All SE Radio episodes feature original content; we don’t record conferences or talks given in other venues.
“The one that I love to keep tabs on is called Software Engineering Radio, published by the IEEE computer society. It is absolutely a haberdashery of new ideas, processes, lessons learned. It also ranges from very practical action oriented advice the whole way over to philosophical discussions that are necessary for us to drive innovation forward. Professionals from all different domains contribute. It’s not a platform for sales and marketing pitches!” – Tracy Bannon, Senior Principal/ Software Architect & DevOps Advisor, MITRE
Hosted by Various Contributors
Join thousands of other listeners to hear from the current leaders, experts, vendors, and instructors in the IT and Cybersecurity fields regarding DevSecOps, InfoSec, Ransomware attacks, the diversity and the retention of talent, and more. Gain the confidence, consistency, and courage to succees at work and in life.
“Relaxed chat, full of good info, and they got right to the point. Would recommend.” – Wendy Nather, Head of Advisory CISOs, CISCO
Hosted by Michael Schwartz
Open Source Underdogs is the podcast for entrepreneurs about open source software. In each episode, we chat with a founder or leader to explore how they are building thriving businesses around open source software. Our goal is to demystify how entrepreneurs can stay true to their open source objectives while also building sustainable, profitable businesses that fuel innovation and ensure longevity.
“Mike Schwartz’s podcast is my favourite. Really good insights from founders.” – Amanda Brock, CEO, OpenUK
Hosted by Dan Harris
Ten Percent Happier publishes a variety of podcasts that offer relatable wisdom designed to help you meet the challenges and opportunities in your daily life.
“I listen to Ten Percent Happier as my go-to podcast. It helps me with mindfulness practice, provides a perspective on real-life situations, and makes me a kinder person. That is one of the most important traits we all need these days.” – Arun Gupta, Vice President and General Manager for Open Ecosystem, Intel
Hosted by Sam Harris
Sam Harris is the author of five New York Times best sellers. His books include The End of Faith, Letter to a Christian Nation, The Moral Landscape, Free Will, Lying, Waking Up, and Islam and the Future of Tolerance (with Maajid Nawaz). The End of Faith won the 2005 PEN Award for Nonfiction. His writing and public lectures cover a wide range of topics—neuroscience, moral philosophy, religion, meditation practice, human violence, rationality—but generally focus on how a growing understanding of ourselves and the world is changing our sense of how we should live.
“Sam dives deep on topics rooted in our culture, business, and minds. The conversations are very approachable and rational. With some episodes reaching an hour or more, Sam gives topics enough space to cover the necessary angles.” – Derek Weeks, CMO, The Linux Foundation
Hosted by Jack Rhysider
Darknet Diaries produces audio stories specifically intended to capture, preserve, and explain the culture around hacking and cyber security in order to educate and entertain both technical and non-technical audiences.
This is a podcast about hackers, breaches, shadow government activity, hacktivism, cybercrime, and all the things that dwell on the hidden parts of the network.
“Darknet Diaries would be my recommendation. Provided insights into the world of hacking, data breaches and cyber crime. And Jack Rhysider is a good storyteller ” – Edwin Kwan, Head of Application Security and Advisory, Tyro Payments
Hosted by Russel Brand
Under the Skin asks: what’s beneath the surface – of the people we admire, of the ideas that define our times, of the history we are told. Speaking with guests from the world of academia, popular culture and the arts, they’ll teach us to see the ulterior truth behind or constructed reality. And have a laugh.
“He interviews influential people from all different backgrounds and covers everything from academia to tech to culture to spiritual issues” – Ashleigh Auld, Global Director Partner Marketing, Linnwood
Hosted by Dave Bittner
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also included interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
“I’d recommend the CyberWire daily podcast has got most relevant InfoSec news items and stories industry pros care about. XX” – Ax Sharma, Security Researcher, Tech Reporter, Sonatype
Hosted by Brian Johnson
7 Minute Security is a weekly audio podcast (once in a while with video!) released on Wednesdays and covering topics such Penetration testing, Blue teaming, and Building a career in security.
In 2013 I took on a new adventure to focus 100% on information security. There’s a ton to learn, so I wanted to write it all down in a blog format and share with others. However, I’m a family man too, and didn’t want this project to offset the work/family balance.
So I thought a podcast might fill in the gaps for stuff I can’t – or don’t have time to – write out in full form. I always loved the idea of a podcast, but the good ones are usually in a longer format, and I knew I didn’t have time for that either. I was inspired by the format of the 10 Minute Podcast and figured if it can work for comedy, maybe it can work for information security!
Thus, the 7 Minute Security blog and its child podcast was born.
“7 Minute Security Podcast – because Brian makes the best jingles!” – Björn Kimminich, Product Group Lead Architecture Governance, Kuehne + Nagel (AG & Co.) KG
Hosted by Dave Farley
Explores ideas that help to produce Better Software Faster: Continuous Delivery, DevOps, TDD and Software Engineering.
Hosted by Dave Farley – a software developer who has done pioneering work in DevOps, CD, CI, BDD, TDD and Software Engineering. Dave has challenged conventional thinking and led teams to build world class software.
Dave is co-author of the award wining book – “Continuous Delivery”, and a popular conference speaker on Software Engineering. He built one of the world’s fastest financial exchanges, is a pioneer of BDD, an author of the Reactive Manifesto, and winner of the Duke award for open source software – the LMAX Disruptor.
“Dave Farley’s videos are a treasure trove of knowledge that took me and others years to uncover when we were starting out. His focus on engineering and business outcomes rather than processes and frameworks is a breath of fresh air. If you only have time for one source of information, use his. – Bryan Finster, Value Stream Architect, Defense Unicorns
Hosted by Scott Galloway
A fast and fluid weekly thirty minute show where Scott tears into the taxonomy of the tech business with unfiltered, data-driven insights, bold predictions, and thoughtful advice.
“Very current very modern. Business and tech oriented. Talks about markets and economics and people and tech.” – Caroline Wong, Chief Strategy Officer, Cobalt
Hosted by Josh Bressers and Kurt Seifried
Open Source Security is a collaboration by Josh Bressers and Kurt Seifried. We publish the Open Source Security Podcast and the Open Source Security Blog.
We have a security tabletop game that Josh created some time ago. Rather than play a boring security tabletop exercise, what if had things like dice and fun? Take a look at the Dungeons and Data tabletop game
“It has been something I’ve been listening to a lot lately with all of the focus on Software Supply Chain Security and Open Source Security. The hosts have very deep software and security backgrounds but keep the show light-hearted and engaging as well. ” – Chris Hughes, CISO, Co-Founder Aquia Inc
Hosted by Kara Swisher and Professor Scott Galloway
Every Tuesday and Friday, tech journalist Kara Swisher and NYU Professor Scott Galloway offer sharp, unfiltered insights into the biggest stories in tech, business, and politics. They make bold predictions, pick winners and losers, and bicker and banter like no one else. After all, with great power comes great scrutiny. From New York Magazine and the Vox Media Podcast Network.
“As a rule, I don’t listen to tech podcasts much at all, since I write about tech almost all day. I check out podcasts about theater or culture — about as far away from my day job as I can get. However, I follow a ‘man-about-town’ guy named George Hahn on social media, who’s a lot of fun. Last year, he mentioned he’d be a guest host of the ‘Pivot’ podcast with Kara Swisher and Scott Galloway, so I checked out Pivot. It’s about tech but it’s also about culture, politics, business, you name it. So that’s become the podcast I dip into when I want to hear a bit about tech, but in a cocktail-party/talk show kind of way.” – Christine Kent, Communications Strategist, Christine Kent Communications
Hosted by Gene Kim
Conversations with experts about the important ideas changing how organizations compete and win. In The Idealcast, multiple award-winning CTO, researcher and bestselling author Gene Kim hosts technology and business leaders to explore the dangerous, shifting digital landscape. Listeners will hear insights and gain solutions to help their enterprises thrive in an evolving business world.
“I like this because it has a good balance of technical and culture/leadership content.” – Courtney Kissler, CTO, Zulily
Hosted by Dave Kennedy and Various Team Contributors
Our team records a regular podcast covering the latest security news and stories in an entertaining and informational discussion. Hear what our experts are thinking and talking about.
“I LOVE LOVE LOVE the TrustedSec Security Podcast. Dave Kennedy’s team puts on a very nice and often deeply technical conversation every two weeks. The talk about timely topics from today’s headlines as well as jumping into purple team hackery which is a real treat to listen in and learn from.” – CRob Robinson, Director of Security Communications Intel Product Assurance and Security, Intel
Hosted by John Willis
“I don’t listen to podcasts much these days (found that consuming books via audible was more useful… but I guess it all depends on how emerging the topics are you are interested in). I only mention this as I am thin I recommendations. I’d go with John Willis’s Profound or Gene Kim’s Idealcast. Some overlap in (world class) guests but different interview approaches and perspectives.” – Damon Edwards, Sr. Director, Product PagerDuty
Hosted by Steve Gibson and Leo Laporte
Stay up-to-date and deepen your cybersecurity acumen with Security Now. On this long-running podcast, cybersecurity authority Steve Gibson and technology expert Leo Laporte bring their extensive and historical knowledge to explore digital security topics in depth. Each week, they take complex issues and break them down for clarity and big-picture understanding. And they do it all in an approachable, conversational style infused with their unique sense of humor. Listen and subscribe, and stay on top of the constantly changing world of Internet security. Security Now records every Tuesday afternoon and hits your podcatcher later that evening.
“The shows cover a wide range of security topics, from the basics of technologies such as DNSSec & Bitcoin, to in depth, tech analysis of the latest hacks hitting the news, The main host, Steve Gibson, is great at breaking down tech subjects over an audio . It’s running at over 800 episodes now, regular as clockwork every week, so you can rely on it. Funnily Steve Gibson has often reminded me of you – able to assess what’s going on with a subject, calmly find the important points, and describe them to the rest of us in way that’s engaging and relatable.medium – in a way you can follow and be interested in during your commute or flight.” – Gary Robinson, Chief Security Officer, Ulseka
Hosted by Jordan Harbinger
Today, The Jordan Harbinger Show has over 15 million downloads per month and features a wide array of guests like Kobe Bryant, Moby, Dennis Rodman, Tip “T.I.” Harris, Tony Hawk, Cesar Millan, Simon Sinek, Eric Schmidt, and Neil deGrasse Tyson, to name a few. Jordan continues to teach his skills, for free, at 6-Minute Networking. In addition to hosting The Jordan Harbinger Show, Jordan is a consultant for law enforcement, military, and security companies and is a member of the New York State Bar Association and the Northern California Chapter of the Society of Professional Journalists.
“Excellent podcasts where he interviews people from literally every walk of life, how they have become successful, why they have failed (if they have) as well as great personal development coaching ideas.” – Jeff DeVerter, CTO, Products and Services, RackSpace
Hosted by Adam Grant
Adam hosts WorkLife, a chart-topping TED original podcast. His TED talks on languishing, original thinkers, and givers and takers have been viewed more than 30 million times. His speaking and consulting clients include Google, the NBA, Bridgewater, and the Gates Foundation. He writes on work and psychology for the New York Times, has served on the Defense Innovation Board at the Pentagon, has been honored as a Young Global Leader by the World Economic Forum, and has appeared on Billions.
“I don’t listen to many technical podcasts. I like Caroline Wongs and have listened to it a number of times (Humans of InfoSec) but since much of my role is getting developers on board with security actions, I gravitate toward more psychology based podcasts – Adam Grant’s is amazing (it’s called WorkLife).” – Jennifer Czaplewski, Senior Director, Cyber Security, Target
“You know lately I have been listening to WorkLife with Adam Grant. Not a tech podcast but a management one.” – Paula Thrasher, Senior Director Infrastructure, PagerDuty
Hosted by Core Team Members: Betsy Beyer, MP English, Salim Virji, Viv
The Google Prodcast Team has gone through quite a few iterations and hiatuses over the years, and many people have had a hand in its existence. For the longest time, a handful of SREs produced the Prodcast for the listening pleasure of the other engineers here at Google.
We wanted to make something that would be of interest to folks across organizations and technical implementations. In his last act as part of the Prodcast, JTR put us in touch with Jennifer Petoff, Director of SRE Education, in order to have the support of the SRE organization behind us.
“The SRE Prodcast is Google’s podcast about Site Reliability Engineering and production software. In Season 1, we discuss concepts from the SRE Book with experts at Google.” – Jennifer Petoff, Director, Program Management, Cloud Technical Education Google
Hosted by Kai Ryssdal And Kimberly Adams
Every weekday, Kai Ryssdal and Kimberly Adams break down the news in tech, the economy and culture. How do companies make money from disinformation? How can we tackle student debt? Why do 401(k)s exist? What will it take to keep working moms from leaving the workforce? Together, we dig into complex topics to help make today make sense
“I literally learn 3 new things about topics i never would have tried to learn about.” – Kadi Grigg, Enablement Specialist, Sonatype
Hosted by Russ Roberts
Conversations for the Curious is an award-winning weekly podcast hosted by Russ Roberts of Shalem College in Jerusalem and Stanford’s Hoover Institution. The eclectic guest list includes authors, doctors, psychologists, historians, philosophers, economists, and more. Learn how the health care system really works, the serenity that comes from humility, the challenge of interpreting data, how potato chips are made, what it’s like to run an upscale Manhattan restaurant, what caused the 2008 financial crisis, the nature of consciousness, and more.
“The only podcast I listen to is actually EconTalk, which has nothing to do with tech!” – Kelly Shortridge, Senior Principal, Product Technology, Fastly
Hosted by Jacob Morgan
The Future of Work With Jacob Morgan is a unique show that explores how the world of
work is changing, and what we need to do in order to thrive. Each week several episodes are
released which range from long-form interviews with the world’s top business leaders and
authors to shorter form episodes which provide a strategy or tip that listeners can apply to
become more successful.
The show is hosted by 4x best-selling author, speaker and futurist Jacob Morgan and the
goal is to give listeners the inspiration, the tools, and the resources they need to succeed
and grow at work and in life.
Episodes are not scripted which makes for fun, authentic, engaging, and educational
episodes filled with insights and practical advice.
“It is hard for me to keep up with podcasts. The one I listen to regularly is “Leading The Future of Work” by Jacob Morgan. I know it is not technical, but I think it is extremely important for technical people to understand what the business thinks and is concerned about.” – Keyaan Williams, Managing Director, CLASS-LLC
Hosted by Dave Bittner and Joe Carrigan
Deception, influence, and social engineering in the world of cyber crime.
Join Dave Bittner and Joe Carrigan each week as they look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world.
“In case we needed any reminders that humanity is a scary place.” – Matt Howard, SVP and CMO, Virtu
Hosted by Ashish Rajan, Shilpi Bhattacharjee, and Various Contributors
Cloud Security Podcast is a WEEKLY Video and Audio Podcast that brings in-depth cloud security knowledge to you from the best and brightest cloud security experts and leaders in the industry each week over our LIVE STREAMs.
We are the FIRST podcast that carved the niche for Cloud Security in late 2019. As of 2021, the large cloud service providers (Azure, Google Cloud, etc.) have all followed suit and started their own cloud security podcasts. While we recommend you listen to their podcasts as well, we’re the ONLY VENDOR NEUTRAL podcast in the space and will preserve our neutrality indefinitely.
“I really love Ashish’s cloud security podcast, listened to it for a while now. He gets really good people on it and it’s a nice laid back listen, too.” – Simon Maple, Field CTO, Snyk
Hosted by Glenn Wilson, Steve Giguere, Jessica Cregg
In depth conversations with influencers blurring the lines between Dev, Sec, and Ops!
We speak with professionals working in cyber security, software engineering and operations to talks about a number of DevSecOps topics. We discuss how organisations factor security into their product delivery cycles without compromising the value of doing DevOps and Agile.
“One of my favourite meetups in London ‘DevSecOps London Gathering’ has a podcast where they invite their speakers https://dsolg.com/#podcast” – Stefania Chaplin, Solutions Architect UK&I, GitLab
Hosted by Tony Kornheiser and Mike Wilbon
Longtime sportswriters Tony Kornheiser and Mike Wilbon debate and discuss the hottest topics, issues and events in the world of sports in a provocative and fast-paced format.
Similar in format to Gene Siskel and Roger Ebert‘s At the Movies,[2][3] PTI is known for its humorous and often loud tone, as well as the “rundown” graphic which lists the topics yet to be discussed on the right-hand side of the screen. The show’s popularity has led to the creation of similar shows on ESPN and similar segments on other series, and the rundown graphic has since been implemented on the morning editions of SportsCenter, among many imitators.[4] – Wikipedia
“I’m interested in sports, and Tony and Mike are well-informed, amusing, and opinionated. It also doesn’t hurt any that I’ve known them since they were at The Washington Post and I was freelancing there. What you see on television, or hear on their podcast, is exactly how they are in real life. This sincerity of personality is a big reason why they’ve become so successful.” – Steven Vaughan-Nichols, Technology and business journalist and analyst. Red Ventures
The post 35 Podcasts Recommended by People You Can Trust appeared first on Linux Foundation.
This post originally appeared on LF Networking’s blog. The author, Heather Kirksey, is VP Community & Ecosystem. ONE Summit is the Linux Foundation Networking event that focuses on the networking and automation ecosystem that is transforming public and private sector innovation across 5G network edge, and cloud native solutions. Our family of open source projects address every layer of infrastructure needs from the user edge to the cloud/core. Attend ONE Summit to get the scoop on hot topics for 2022!
Today LF Networking announced our schedule for ONE Summit, and I have to say that I’m extraordinarily excited. I’m excited because it means we’re growing closer to returning to meeting in-person, but more importantly I was blown away by the quality of our speaking submissions. Before I talk more about the schedule itself, I want to say that this quality is all down to you: You sent us a large number of thoughtful, interesting, and innovative ideas; You did the work that underpins the ideas; You did the work to write them up and submit them. The insight, lived experience, and future-looking thought processes humbled me with its breadth and depth. You reminded me why I love this ecosystem and the creativity within open source. We’ve all been through a tough couple of years, but we’re still here innovating, deploying, and doing work that improves the world. A huge shout out to everyone across every company, community, and project that made the job of choosing the final roster just so difficult.
Now onto the content itself. As you’ve probably heard, we’ve got 5 tracks: Industry 4.0, Security and Privacy, The New Networking Stack, Operationalizing Deployment, and Emerging Technologies and Business Models:
Every talk that made it into this program has unique and valuable insight, and I’m so proud to be part of the communities that proposed them. I’m also honored to have worked with one of the best Programming Committees in open source events ever. These folks took so much time and care to provide both quantitative and qualitative input that helped shape this agenda. Please be sure to thank them for their time because they worked hard to take the heart of this event to the next level. If you want to be in the room and in the hallway with these great speakers, there is only ONE place to be. Early bird registration ends soon, so don’t miss out and register now!
And please don’t forget to sponsor. Creating a space for all this content does cost money, and we can’t do it without our wonderful sponsors. If you’re still on the fence, please consider how amazing these sessions are and the attendee conservations they will spark. We may not be the biggest conference out there, but we are the most focused on decision makers and end users and the supply chains that enable them. You won’t find a more engaged and thoughtful audience anywhere else.
The post You want content? We’ve got your content right here! appeared first on Linux Foundation.
Is your organization consuming open source software, or is it starting to contribute to open source projects? If so, perhaps it’s time for you to start an OSPO: an open source program office.
At the LF, we’re dedicating resources to improving your understanding of all things open source, such as our Guide to Enterprise Open Source and the Evolution of the Open Source Program Office, published the last year.
In a new Linux Foundation Research report, A Deep Dive into Open Source Program Offices, published in partnership with the TODO Group, authored by Dr. Ibrahim Haddad, Ph.D, showcases the many forms of OSPOs, their maturity models, responsibilities, and challenges they face in open source enterprise adoption, and also their staffing requirements are discussed in detail.
“The past two decades have accelerated open source software adoption and increased involvement in contributing to existing projects and creating new projects. Software is where a lot of value lies and the vast majority of software developed is open source software providing access to billions of dollars worth of external R&D. If your organization relies on open source software for products or services and does not have a formalized OSPO yet to manage all aspects of working with open source, please consider this report a call to establish your OPSO and drive for leadership in the open source areas that are critical to your products and services.” – Ibrahim Haddad, Ph.D., General Manager, LF AI & Data Foundation
Here are some of the report’s important lessons:
An OSPO can help you manage and track your company’s use of open source software and assist you when interacting with other stakeholders. It can also serve as a clearinghouse for information about open source software and its usage throughout your organization.
Your OSPO is the central nervous system for an organization’s open source strategy and provides governance, oversight, and support for all things related to open source.
OSPOs create and maintain an inventory of your open source software (OSS) assets and track and manage any associated risks. The OSPO also guides how to best use open source software within the organization and can help coordinate external contributions to open source projects.
To be effective, the OSPO needs to have a deep understanding of the business and the technical aspects of open source software. It also needs to work with all levels of the organization, from executives to engineers.
An OSPO is designed to:
This can include creating policies for code use, distribution, selection, auditing, and other areas; training developers; ensuring legal compliance, and promoting and building community engagement to benefit the organization strategically.
An organization’s OSPO can take many different forms, but typically it is a centralized team that reports to the company’s executive level. The size of the team will depend on the size and needs of the organization, and how it is adopted also will undergo different stages of maturity.
When starting, an OSPO might just be a single individual or a very small team. As the organization’s use of open source software grows, the OSPO can expand to include more people with different specialties. For example, there might be separate teams for compliance, legal, and community engagement.
This won’t be the last we have to say about the OSPO in 2022. There are further insights in development, including a qualitative study on the OSPO’s business value across different sectors, and the TODO group’s publication of the 2022 OSPO Survey results will take place during OSPOCon in just a few weeks.
“There is no board template to build an OSPO. Its creation and growth can vary depending on the organization’s size, culture, industry, or even its milestones.
That’s why I keep seeing more and more open source leaders finding critical value in building connections with other professionals in the industry. OSPOCon is an excellent networking and learning space where those working (or willing to work) in open source program offices that rely on open source technologies come together to learn and share best practices, experiences, and tools to overcome challenges they face.” Ana Jiménez, OSPO Program Manager at TODO Group
Join us there and be sure to read the report today to gain key insights into forming and running an OSPO in your organization.
The post Is it time for an OSPO in your organization? appeared first on Linux Foundation.
by Ashwin Ramaswami
June 2022 saw the publication of Addressing Cybersecurity Challenges in Open Source Software, a joint research initiative launched by the Open Source Security Foundation in collaboration with Linux Foundation Research and Snyk. The research dives into security concerns in the open source ecosystem. If you haven’t read it, this article will give you the report’s who, what, and why, summarizing its key takeaways so that it can be relevant to you or your organization.
This report is for everyone whose work touches open source software. Whether you’re a user of open source, an OSS developer, or part of an OSS-related institution or foundation, you can benefit from a better understanding of the state of security in the ecosystem.
Open source consumers and users: It’s very likely that you rely on open source software as dependencies if you develop software. And if you do, one important consideration is the security of the software supply chain. Security incidents such as log4shell have shown how open source supply chain security touches nearly every industry. Even industries and organizations that have traditionally not focused on open source software now realize the importance of ensuring their OSS dependencies are secure. Understanding the state of OSS security can help you to manage your dependencies intelligently, choose them wisely, and keep them up to date.
Open source developers and maintainers: People and organizations that develop or maintain open source software need to ensure they use best practices and policies for security. For example, it can be valuable for large organizations to have open source security policies. Moreover, many OSS developers also use other open source software as dependencies, making understanding the OSS security landscape even more valuable. Developers have a unique role to play in leading the creation of high-quality code and the respective governance frameworks and best practices around it.
Institutions: Institutions such as open source foundations, funders, and policymaking groups can benefit from this report by understanding and implementing the key findings of the research and their respective roles in improving the current state of the OSS ecosystem. Funding and support can only go to the right areas if priorities are informed by the problems the community is facing now, which the research assists in identifying.
The data from this report was collected by conducting a worldwide survey of:
The survey also included data collected from several major package ecosystems by using Snyk Open Source, a static code analysis (SCA) tool free to use for individuals and open source maintainers.
Here are the major takeaways and recommendations from the report:
Open source software is a boon: its collaborative and open nature has allowed society to benefit from various innovative, reliable, and free software tools. However, these benefits only last when users contribute back to open source software and when users and developers exercise due diligence around security. While the most successful open source projects have gotten such support, other projects have not – even as open source use has continued to be more ubiquitous.
Thus, it is more important than ever to be aware of the problems and issues everyone faces in the OSS ecosystem. Some organizations and open source maintainers have strong policies and procedures for handling these issues. But, as this report shows, other organizations are just facing these issues now.
Finally, we’ve seen the risks of not maintaining proper security practices around OSS dependencies. Failure to update open source dependencies has led to costs as high as $425 million. Given these risks, a little investment in strong security practices and awareness around open source – as outlined in the report’s recommendations – can go a long way.
We suggest you read the report – then see how you or your organization can take the next step to keep yourself secure!
The post Addressing Cybersecurity Challenges in Open Source Software: What you need to know appeared first on Linux Foundation.
Accedi
