Posts by

Establishing a Scalable Collaboration Between Security and DevOps
January 28, 2021
In a recent blog post, we discussed the journey to digital transformation that many IT organizations are on and the trajectory they have taken in recent years. Drawing from a recent webinar run with 451 Research, part of S&P Global Market Intelligence, we looked at the cloudy future of workload deployment locations and current DevOps adoption […]
Heap Overflow in Sudo: The Struggling Escape Artist (CVE-2021-3156)
January 27, 2021
Yesterday, the Qualys Research Team disclosed a heap overflow vulnerability in sudo, CVE-2021-3156, called “Baron Samedit” (in a show of delightful wordplay with the Haitian Vodou spirit). It allows a local user to become root and gain control over the target system. Why it’s cool: Sudo, short for “superuser do”, is a default utility in […]
Bringing Your A-Game: Availability for Security People
January 26, 2021
The security industry tends to focus on the protection of sensitive data, forgetting that availability falls under the classic C.I.A. triad. This is a mistake, and an especially egregious one considering the rise of the service delivery economy. This post is intended as an overview of why infosec teams stand to substantially benefit from rediscovering […]
Security Gaps in the Digital Transformation Journey
January 14, 2021
In a recent webinar produced in partnership with 451 Research, part of S&P Global Market Intelligence, Kelly Shortridge and Fernando Montenegro discussed the elements necessary for security teams to better engage with DevOps. But to realize that kind of transformation, context is needed. Digital transformation is a holistic process. It’s a journey that every organization […]