“Finally! A Cybersecurity Safety Review Board” is a new article by Steve Bellovin and myself at Lawfare. One element of President Biden’s executive order on cybersecurity establishes a board to investigate major incidents involving government computers in somewhat the way that the National Transportation Safety Board investigates aviation disasters. The two of us, among many…

Read More Thoughts on the Executive Order

The Supreme Court has ruled in the van Buren case, and there’s a good summary on the EFF’s blog: “The decision is a victory for all Internet users, as it affirmed that online services cannot use the CFAA’s criminal provisions to enforce limitations on how or why you use their service…” As I said at…

Read More Van Buren

The National Science Foundation is looking for information on needs for datasets: “Dear Colleague Letter: Request for Information on the specific needs for datasets to conduct research on computer and network systems.” A draft of my responses is on Google Docs. Comments are due Friday at 5 PM EST. (I thought I’d posted this earlier.)

Read More NSF Wants Data on Your Data Needs

“AppSec Pacific Northwest Conference is a free application security conference that will be held Saturday, June 19th. It is a virtual, online event sponsored by the OWASP chapters of Portland, Vancouver, and Victoria. We love to see brand new speakers, seasoned speakers and everyone in between.” Their call for presentations is now open.

Read More Pacific Northwest Appsec Conference

On Monday, the Department of Justice announced that it had cleaned malware (“webshells”) off of hundreds of infected mail systems running Microsoft Exchange. Microsoft has been trying to get folks to apply critical security patches to address a problem that’s being actively exploited. A few minutes ago, I posted a screencapture of Microsoft’s autoupdater going…

Read More The Updates Must Go Through

This is a really encouraging set of trends that Sandy Carielli reports on: My latest report, “The State Of Application Security, 2021,” draws heavily from that security survey mentioned above, and by far the most encouraging piece of data I share in the report is about how security pros are prioritizing application security. When asked…

Read More Mmmm, Pandemic Puppies