Blog

Table of Contents: How Does 5G Impact National Security? Securing the 5G Global Network DoD’s Response to 5G Security Will There Be a National 5G Network? Protecting 5G Networks Watch the 5G Bash at CyberWeek 2020   RunSafe Security hosted a 5G Cyber Bash webinar as a part of CyberWeek 2020. Our thought leadership two…

Table of Contents: New Survey Results: Cyber Decision Makers Are Unaware about the State of Firmware Security Are Cyber Risk Decision Makers Truly Informed? What Tools Are Available to Fill Cyber Knowledge Gaps?   The software world continues to undergo dramatic change. From digital transformation to devops and shift left, organizations are re-inventing their software…

Table of Contents: Preventing Cyber Attacks is Impossible but Improving Code Security Isn’t The Importance of Software Supply Chain Security How to Improve Code Security Future Goals for Cybersecurity Experts   In a recent episode of “In the Nic of Time”, Nicolas Chaillan interviewed David Wheeler, an expert on open source software. David is the…

Table of Contents: Schneider Electric Chooses RunSafe to Protect HMI Products What is HMI and Why Is It Important to Industrial Security? How to Protect HMI Products Protect Your Software Against Vulnerabilities   Over the past several years, Hackers Arise has noted that attackers target ICS/SCADA systems in two primary areas:  Attack the protocols (modbus,…

Table of Contents: Open Source Software from an Attacker’s Point of View Bad Actors Will Find Vulnerabilities to Exploit How Are Bad Actors Getting In? Protect Yourself From Bad Actors with an Open Source Software Protection System   Open source software is being used at companies worldwide. From the smallest businesses to multinational Fortune 500…

Table of Contents: ICS Advisory Recap: How to Mitigate Today’s Most Prevalent Cyber Risks Recent ICS-CERT Advisories How RunSafe Protects Against These Attacks Prioritize Cybersecurity and Reduce Attack Surface with RunSafe   At RunSafe Security, we appreciate the tremendous work Cybersecurity and Infrastructure Security Agency (CISA) performs to help our nation be more resilient.  In…

Table of Contents: The Attack Surface is Increasing: Understand Your Risk & Protect Your Software Taking Inspiration From Loyalty Marketing Programs Eliminate Software Vulnerabilities   With cyber attacks on the rise, it is more important than ever that your software is protected against threat actors, data loss, data theft, and more. Beyond phishing attacks, cyber…

Table of Contents: Protecting Yourself From Ransomware Attacks Cyber Attacks Cost $6 Trillion to Fix in 2021 Software Supply Chain Attacks Are on the Rise The Rising Cost of Ransomware Zero-Day Memory Exploits Have a Banner Year RunSafe Security’s Alkemist is the Best Ransomware Prevention   In an increasingly online and interconnected world, it’s not…

Table of Contents:   Changing the Economics in Open Source Software What the “Old Ways” Are Lacking Building Intrinsic Security into Code Itself Making Code Self-Protecting Dramatically Reducing Exploitable Vulnerabilities Maintaining High-Velocity Code Release Schedules   What the “Old Ways” Are Lacking Open source software, in its three decades of existence, has experienced rapid growth…

Table of Contents: Common Misconceptions Putting Organizations at Risk 1. Our Company is an Unlikely Target 2. Cybersecurity is Expensive. 3. We Don’t Need to Worry Because We Have Security Tools to Alert Us Immediately Take Action to Protect Software Infrastructure   Cybersecurity remains an imperative issue as cyber attacks continue to soar. The number…

Table of Contents: Recap of Cybersecurity and Cyber Attacks in 2021 Security Monitoring  Embedded Device Security Open Source Software Security Cloud Workload Security Recap of Cybersecurity and Cyber Attacks in 2021 Dare I say that the past year has been…drumroll…unprecedented…in the realm of cybersecurity and cyber attacks?  Here are some statistics to showcase what the…

The Ransomware Threat   RunSafe Security founder and CEO Joe Saunders recently sat down with an expert panel for the Billington Cybersecurity Summit. The event featured three days of high-level networking and knowledge-sharing to advocate the cyber mission in the U.S. government and among allied countries.  The panelists included the following government and private sector leaders:…

In a recent webinar hosted by RunSafe Security, moderator Nick Rea, Customer Engineering Leader at Google Cloud, guides a discussion on changing Linux distributions. Learn how containers and cloud services impact security from panelists with expertise in linux, software security, and technology research: Greg Kurtzer, CEO of Ctrl IQ, original CentOS author, and founder and…

It’s clear from the recent attacks on big business that cybercriminals are escalating their attacks and exposing our weaknesses. From malware to ransomware, malicious actors are finding their way through our defenses.

It’s no secret that despite our best efforts to eliminate exploits in today’s enterprise applications and software, they’re still finding a way in. In order to begin fighting these exploits and immunizing your software, the first place to start is identifying their avenues of attack.

It’s no secret that despite our best efforts to eliminate exploits in today’s enterprise applications and software, they’re still finding a way in. In order to begin fighting these exploits and immunizing your software, the first place to start is identifying their avenues of attack.

In response to recent major cyber events, including the SolarWinds supply chain attack and the Colonial Pipeline ransomware attack, the Biden Administration issued an Executive Order “to improve the nation’s cybersecurity and protect federal government networks.”

WAFs and SAST/DAST don’t provide adequate security for enterprise applications. There, I said it. Let’s dig into this assertion and see how we can improve the state of enterprise application security. Before we begin, let’s look at an example enterprise webserver using NGINX, Node.js, and Redis. Users access the application via NGINX, which acts as…

Cyber defense for embedded systems is justified using a total cost of ownership approach I admit it. Cyber defense is not eye catching, especially effective cyber defense, which is automated and transparent to the operator. An air platform’s range and a control system’s user interface are given the spotlight. However, cyber defense has financial benefits,…

Paul Rosenzweig recently made an appearance on the Lessons from the School of Cyber Hard Knocks podcast to discuss his current work, his theories of trust, 5G network technologies, and the importance of cybersecurity metrics with RunSafe’s CEO Joe Saunders. Currently, Rosenzweig is a cybersecurity consultant, practicing attorney, Senior Fellow at the R Street Institute,…

All critical infrastructure is under cyber attack, all the time. The attack on the Oldsmar, FL water supply is a recent known example. And it’s getting worse; vulnerability to cyber attack is increasing as the embedded devices controlling these critical infrastructures become more connected. The DevOps approach to software development offers an antidote—an opportunity to embed run-time…

Cloud providers provide network and infrastructure, here is a way for you to protect the software and cloud workloads across all your cloud [and hybrid] environments Shift Left for Shared Cloud Security Cloud deployments introduce major new shared security considerations for organizations. This changes some key operational imperatives for development, security, and IT professionals. On…

Current strategies of scanning for and patching vulnerabilities in software leave a huge and highly-exploitable security gap. Recent research by RunSafe Security partners show that current strategies of scanning for and patching vulnerabilities in software leave a huge and highly-exploitable security gap. When measured against NIST CVEs (Common Vulnerability Enumerations from the National Vulnerability Database),…

By now everybody is aware of the extent of the SolarWinds security attack, but it is worth saying that this massive compromise enables bad actors to gain entry to hundreds of thousands of companies and government agencies via the SolarWinds backdoor. Unfortunately, this software supply chain risk could happen to any software maker exposing not…

-It’s not always enough to just be safe, sometimes you need to be fast too. RunSafe is in the business of helping developers – and the organizations that employ them – to reduce risk. A key part of purpose is making sure our customers have the right tools that work in an optimal way, which…

How to Spend Less on Remediation Resources and More on New Features for Cloud Deployment The migration to the cloud continues to accelerate, as public cloud spending will grow by 18% to over $300B in 2021. The COVID-19 pandemic in 2020 did not slow this migration, and 2021 will see an even more rapid move…

With the release of “Lessons from the School of Cyber Hard Knocks” podcast, I have been reminded of the importance of learning from our mistakes as a core pillar of our company culture at RunSafe Security. Through internal training sessions, every employee takes a two-hour course I offer called “Lessons from the School of Hard…

In July 2020 the Atlantic Council, a highly-respected international affairs leadership institute based in Washington, DC, published a wide-ranging, evidence-based report titled “Breaking Trust: Shades of Crisis Across an Insecure Software Supply Chain” from its Scowcroft Center for Strategy and Security’s Cyber Statecraft Initiative. The report provides vital information on threats and priority focus areas…

In July 2020 the Atlantic Council, a highly-respected international affairs leadership institute based in Washington, DC, published a wide-ranging, evidence-based report titled “Breaking Trust: Shades of Crisis Across an Insecure Software Supply Chain” from its Scowcroft Center for Strategy and Security’s Cyber Statecraft Initiative. The report provides vital information on threats and priority focus areas…

RunSafe Security has decided to hold a trivia tournament during CyberWeek and the winner will receive the coveted RunSafe Trivia Cup and earning the moniker, “The Smartest Cybersecurity Company in the World.”     Every week, as part of our internal team social activities, our team competes in individual trivia competitions. The competition is fierce,…