Blog

security monitoring & vulnerability management to prevent cyberthreats panel

How to Address Threats with Security Monitoring

It’s clear from the recent attacks on big business that cybercriminals are escalating their attacks and exposing our weaknesses. From malware to ransomware, malicious actors are finding their way through our defenses.

Read More
Immunize your embedded devices’ software with built-in security protections against jackware.

An Embedded Devices “Doomsday” is Upon Us: How to Prevent Jackware

It’s no secret that despite our best efforts to eliminate exploits in today’s enterprise applications and software, they’re still finding a way in. In order to begin fighting these exploits and immunizing your software, the first place to start is identifying their avenues of attack.

Read More
How to Harness the Power of Software Security Monitoring

How to Harness the Power of Software Security Monitoring

It’s no secret that despite our best efforts to eliminate exploits in today’s enterprise applications and software, they’re still finding a way in. In order to begin fighting these exploits and immunizing your software, the first place to start is identifying their avenues of attack.

Read More
executive order signing

Improving the Nation’s Cybersecurity

In response to recent major cyber events, including the SolarWinds supply chain attack and the Colonial Pipeline ransomware attack, the Biden Administration issued an Executive Order “to improve the nation’s cybersecurity and protect federal government networks.”

Read More
Delivering Enterprise Application Security

Enterprise Application Security: Let’s Do Better

WAFs and SAST/DAST don’t provide adequate security for enterprise applications. There, I said it. Let’s dig into this assertion and see how we can improve the state of enterprise application security. Before we begin, let’s look at an example enterprise webserver using NGINX, Node.js, and Redis. Users access the application via NGINX, which acts as…

Read More

Profit Driven Cyber Defense

Cyber defense for embedded systems is justified using a total cost of ownership approach I admit it. Cyber defense is not eye catching, especially effective cyber defense, which is automated and transparent to the operator. An air platform’s range and a control system’s user interface are given the spotlight. However, cyber defense has financial benefits,…

Read More
5G Neywork Cybersecurity

Paul Rosenzweig: 5G Networks and Cybersecurity Metrics

Paul Rosenzweig recently made an appearance on the Lessons from the School of Cyber Hard Knocks podcast to discuss his current work, his theories of trust, 5G network technologies, and the importance of cybersecurity metrics with RunSafe’s CEO Joe Saunders. Currently, Rosenzweig is a cybersecurity consultant, practicing attorney, Senior Fellow at the R Street Institute,…

Read More
embedded-system

Embedded Systems Need Embedded Security

All critical infrastructure is under cyber attack, all the time. The attack on the Oldsmar, FL water supply is a recent known example. And it’s getting worse; vulnerability to cyber attack is increasing as the embedded devices controlling these critical infrastructures become more connected. The DevOps approach to software development offers an antidote—an opportunity to embed run-time…

Read More

Shared Security in a Cloud Environment

Cloud providers provide network and infrastructure, here is a way for you to protect the software and cloud workloads across all your cloud [and hybrid] environments Shift Left for Shared Cloud Security Cloud deployments introduce major new shared security considerations for organizations. This changes some key operational imperatives for development, security, and IT professionals. On…

Read More

Security Scanning for Software Vulnerabilities

Current strategies of scanning for and patching vulnerabilities in software leave a huge and highly-exploitable security gap. Recent research by RunSafe Security partners show that current strategies of scanning for and patching vulnerabilities in software leave a huge and highly-exploitable security gap. When measured against NIST CVEs (Common Vulnerability Enumerations from the National Vulnerability Database),…

Read More

Software Supply Chain Risk: Lessons from Solar Winds

By now everybody is aware of the extent of the SolarWinds security attack, but it is worth saying that this massive compromise enables bad actors to gain entry to hundreds of thousands of companies and government agencies via the SolarWinds backdoor. Unfortunately, this software supply chain risk could happen to any software maker exposing not…

Read More

The Devil in the Details: How The Caching Daemon Keeps Our Yocto Customers Running Safe

-It’s not always enough to just be safe, sometimes you need to be fast too. RunSafe is in the business of helping developers – and the organizations that employ them – to reduce risk. A key part of purpose is making sure our customers have the right tools that work in an optimal way, which…

Read More

Securing Cloud Workloads

How to Spend Less on Remediation Resources and More on New Features for Cloud Deployment The migration to the cloud continues to accelerate, as public cloud spending will grow by 18% to over $300B in 2021. The COVID-19 pandemic in 2020 did not slow this migration, and 2021 will see an even more rapid move…

Read More
Improv

Why Improv Training at RunSafe Security

With the release of “Lessons from the School of Cyber Hard Knocks” podcast, I have been reminded of the importance of learning from our mistakes as a core pillar of our company culture at RunSafe Security. Through internal training sessions, every employee takes a two-hour course I offer called “Lessons from the School of Hard…

Read More
Atlantic Council Logo

Systemic Software Risk in the Enterprise Supply Chain Part 3

In July 2020 the Atlantic Council, a highly-respected international affairs leadership institute based in Washington, DC, published a wide-ranging, evidence-based report titled “Breaking Trust: Shades of Crisis Across an Insecure Software Supply Chain” from its Scowcroft Center for Strategy and Security’s Cyber Statecraft Initiative. The report provides vital information on threats and priority focus areas…

Read More
Atlantic Council Logo

Systemic Software Risk in the Enterprise Supply Chain Part 2

In July 2020 the Atlantic Council, a highly-respected international affairs leadership institute based in Washington, DC, published a wide-ranging, evidence-based report titled “Breaking Trust: Shades of Crisis Across an Insecure Software Supply Chain” from its Scowcroft Center for Strategy and Security’s Cyber Statecraft Initiative. The report provides vital information on threats and priority focus areas…

Read More
Cyber Week Runsafe

CyberWeek Trivia Tournament Hosted By RunSafe Security

RunSafe Security has decided to hold a trivia tournament during CyberWeek and the winner will receive the coveted RunSafe Trivia Cup and earning the moniker, “The Smartest Cybersecurity Company in the World.”     Every week, as part of our internal team social activities, our team competes in individual trivia competitions. The competition is fierce,…

Read More
Cyber Week Runsafe

Register Now for RunSafe’s CyberSecurity Bashes at Cyber Week October 19-23

RunSafe Security is excited to announce a full lineup of cybersecurity bashes for CyberWeek 2020, held virtually October 19-23, 2020. All of these events will feature cybersecurity heavy hitters and respected industry thought leaders. CyberWeek is a digital experience featuring hundreds of national community events to exchange information, share best practices, and discuss the many…

Read More
Oracle Cloud Security

Combating the Rise in Open Source Vulnerabilities with RunSafe Security on Oracle Cloud Infrastructure

This post, by Nick Rea, RunSafe Security’s VP, Market Development, originally appeared on the Oracle Cloud Infrastructure Blog: Managing cybersecurity vulnerabilities for organizations of any size is no small task. For organizations that produce their own code, they’re a step ahead with access to the code itself. But what about organizations that use third-party code…

Read More
Atlantic Council Logo

Systemic Software Risk in the Enterprise Supply Chain, Part 1

About this Series of Three Blog Posts In July 2020 the Atlantic Council, a highly-respected international affairs leadership institute based in Washington, DC, published a wide-ranging, evidence-based report titled “Breaking Trust: Shades of Crisis Across an Insecure Software Supply Chain” from its Scowcroft Center for Strategy and Security’s Cyber Statecraft Initiative. The report provides vital…

Read More
Lessons from School of Cyber Hard Knocks

Announcing New Podcast Series: “Lessons from the School of Cyber Hard Knocks”

This blog post introduces a new podcast series hosted by CEO Joe Saunders. Here is a message from him with the backstory. Backstory: The School of Hard Knocks When I was a freshman in college, I was shocked when I received a low mark on my very first midterm exam. Ok, embarrassed. I had always…

Read More
Runsafe Security Logo

Two RunSafe Advisors Testify Before Congress On Remote Voting

On Friday, July 17, 2020, experts offered testimony on “Exploring the Feasibility and Security of Technology to Conduct Remote Voting in the House.”  In addition to former Speaker Newt Gingrich, Jon Green, Honorable Cheryl L. Johnson, Dr. Ronald Rivest, and Dr. David Wagner, two RunSafe Security advisors, William Crowell and Dr. Avi Rubin, offered expert…

Read More
Runsafe Security

Insecure Open Source Code Means Software Stacks Are Vulnerable: Painlessly Fix the Problem with Alkemist:Repo

The debate surrounding the security of open source code is sure to continue for years to come, but given that 50% of vulnerabilities in open source code often go unmitigated (even after four years), organizations remain exposed.  The usage of open source is nearly unavoidable today and it’s becoming an integral part of any software…

Read More
JFrgo PNG

With RunSafe and JFrog Together, Immunize Code Directly in the Pipeline without Developer Friction

RunSafe Alkemist is a cybersecurity solution built to defeat an entire class of cyber attacks. It seamlessly integrates into software build toolchains to eliminate the threat of memory-based vulnerabilities. Through RunSafe’s unique User Plugin, Jfrog users can now automatically apply Alkemist protections directly to artifacts flowing through Artifactory repositories. With JFrog being the Universal DevOps…

Read More
Power station systems security

How to Produce Secure Embedded Linux Distributions and Reduce Attack Surfaces by 50-70% while Reducing Support and Patching Costs

You’re only a few steps away from deploying Alkemist:Code into your Yocto environment! RunSafe Security’s Alkemist:Code for Yocto reduces attack surfaces and costs associated with frequent security updates and releases of IOT and embedded systems.  Without changing a line of code – or slowing down product releases – you and your development teams can immunize…

Read More
woman-by-technology

Security Stack Vulnerabilities: Blame it on Insecure Open Source Code

Article originally published on DevPro Journal. The debate surrounding open source code is sure to continue for years to come, and we’ve previously detailed both the high-level pros and cons to utilizing it. But one thing for sure is that the usage of open source is nearly unavoidable today and it’s becoming an integral part of any software…

Read More
Oracle Logo

RunSafe Security Alkemist:Repo Launches on Oracle Cloud Marketplace

RunSafe Security taps the Oracle Cloud Marketplace as a strategic distribution platform for its pre-hardened IT Infrastructure Program known as Alkemist:Repo. Alkemist:Repo. is an exciting new program that offers pre-hardened Open Source IT Infrastructure software components with RunSafe protections built in. Using RunSafe’s patented Alkemist transformation engine, the Open Source images available on the Marketplace include…

Read More
Yocto Logo

5-Minute Memory Threat Immunization for Yocto Build Environments

The yocto project is a game-changing developer environment that streamlines the creation of custom embedded linux distributions for any hardware architecture. yocto uses “layers” and “recipes” to provide easy configuration management and a reliable and reproducible build process. This toolchain has opened the door to inserting security easily into the build process, reducing operational burdens…

Read More
Lockheed Martin Logo

Lockheed Martin Ventures and NextGen Venture Partners Invest in RunSafe Security

Lockheed Martin Ventures and NextGen Venture Partners Invest in RunSafe Security RunSafe’s patented process immunizes software across build and deploy toolchains MCLEAN, VA. – March 5, 2020 – RunSafe Security, the pioneer of a patented process to immunize software from cyber attacks without developer friction, today announced a second close of $3.5M in Series A…

Read More
Runsafe Supply Chain Security

Supply Chain Economics and Security

Let’s face it, supply chains are complex and distributed. Operations matter, and for some it is truly a miracle how many coordinated parts come together into a seamless operation.  In fact, some manufacturers have tens of thousands of suppliers, from raw materials to hardware to firmware to software and everything in between.  As companies continually…

Read More