By now, just about everybody has seen or heard at least the headline version of the story: A hacker tried to poison the drinking water supply of a small Florida town near Tampa earlier this month.

But as was also reported, the attack was detected and blocked long before there was any damage. A supervisor monitoring the Oldsmar (population 15,000) water plant systems saw a mouse pointer move across a screen and “immediately noticed the change in dosing amounts,” which could eventually have boosted the amount of sodium hydroxide (lye) in drinking water by 100 times. That caustic chemical, at…

Another year, another flurry of reports on the precarious security of connected medical devices.

Which should prompt another reminder that while those security risks are real, should be taken seriously, and need to be addressed more aggressively, there is general agreement among experts that the benefits of those devices still outweigh the risks, by a lot. Indeed, there are potentially deadly risks in many areas of life — driving a car, flying in a plane, climbing a mountain and more.

But as we all know there are numerous things that have been done to make those activities much safer. And…

Nothing good goes uncorrupted. Or unexploited.

Which is a depressing but important reality in just about any area of life, but especially in cybersecurity. Unfortunately it applies to collaboration — in general a very good thing. People who collaborate are usually able to create or do something better together than any one of them could have done on their own.

In cybersecurity, collaboration means software vulnerabilities frequently get discovered more quickly and therefore get patched before hackers can exploit them. A two-decades-old slogan declares that “given enough eyeballs, all bugs are shallow.” It’s a bit like crowd-sourcing security.

But that…

Keep your software up to date!

As any cybersecurity expert will tell you, that’s more than just a casual reminder. It’s an urgent exhortation, frequently delivered with a true-life scare story.

If you don’t install available patches and updates to fix known vulnerabilities in your software, you could become the next Equifax, the credit reporting giant breached in 2017 because it failed to install a patch in the web application framework Apache Struts — a patch that had been available for months. The breach compromised Social Security numbers and other personal data of 147 million customers.

So with that and…

Believe it or not, the two parties in Congress and the President have agreed on something both significant and substantive since Election Day: Not just that the Internet of Things (IoT) needs better security, but on how to do it — or at least try.

Both houses of Congress passed — unanimously! — and President Trump signed, the “Internet of Things Cybersecurity Improvement Act of 2020, an effort that began more than three years ago.

There is no question about the need — it’s blindingly obvious. You could count the reasons. Actually, you couldn’t count them, at least not without…

It has been said before, but it needs to be said again — and again: Software can make or break your business.

If it’s high-quality, with security “built in” throughout the software development life cycle (SDLC), it can streamline your operations, protect your assets, and help you create and deliver products and services that can make you prosperous.

If it is written poorly, with little attention paid to security, software can make you an easy target for online attackers who can exploit its vulnerabilities to steal your intellectual property, your money, and your customers’ personal and financial information. …

It’s become a cliché because it’s true: If you’re in business, you’re a software company. But these days that cliché has become a bit more specific: You’re an open source software (OSS) company.

Because virtually all software products built and in use today include open source — the kind that’s free and available for anyone to use, modify, or share as they please, although it usually comes with some licensing restrictions or obligations.

Which is why, if you’re in business, you should check out a report released last week by the Synopsys Cybersecurity Research Center (CyRC) on how organizations around…

If you’re in business, the cloud is the place to be. It has been for some time — it was more than two years ago that Druva, a cloud data management and security company, reported that of 170 companies it surveyed, an overwhelming majority — 90% — said moving virtualized workloads to the cloud was either a reality or a near-term goal.

That’s both good and bad.

It’s good for reasons that are by now well-established. Cloud environments are generally scalable, reliable, and highly available. They make it easier to forecast ROI, and implementation costs are minimal. The cloud offers…