Security News

Google's Project Zero cybersecurity research unit on Thursday announced that it's making some changes to its vulnerability disclosure policies, giving users 30 days to install patches before disclosing the technical details of a flaw. Project Zero has announced three major changes to its vulnerability disclosure policy in 2021, compared to 2020.

Despite my best efforts to come up with a brilliant "thought leadership" piece on what I think the Biden Administration should do, the best answer has already been written and published in March of 2020 as the 2020 Cyberspace Solarium Commission Report. Co-chaired by Senator Angus King and Representative Mike Gallagher, the bipartisan Cyberspace Solarium Commission proactively scrutinized U.S. cybersecurity in much the same way the 2004 9/11 Commission Report reactively assessed failings within the U.S. Intelligence Community and offered recommendations for sweeping changes.

To shore up their defenses, they must remediate their password policy. Replacing password expiration with password exposure is critical with an increasingly hybrid workforce and, as outlined above, for the friction it incurs.

Mozilla has announced that it will introduce a more privacy-focused default Referrer Policy to protect Firefox users' privacy, starting with the web browser's next version. Once updated, the web browser will automatically trim user-sensitive information, such as the path and query string, accessible from the Referrer URL. This URL is sent together with the HTTP Referrer header between websites during subresource requests and when navigating between sites by clicking on links.

Digital Guardian announced the release of DLP policy packs for top business communications and collaboration applications: Microsoft Teams, Skype, Slack, and Zoom. The new policy packs can help Digital Guardian customers enable secure communications and collaboration wherever employees are working by monitoring and controlling sensitive data sharing within these solutions.

Okera announced it has added the ability to delegate data access policy management, an important functionality for enabling Distributed Stewardship, to its Okera Dynamic Access Platform. As data volumes continue to soar, large, distributed enterprises require Distributed Stewardship to enable data stakeholders, who are the experts in their respective disciplines and domains, to ensure effective governance and compliance with data privacy regulations, including HIPAA, GDPR, CCPA/CPRA, and more.

In terms of "things that will flow from this," the Integrated Review mentioned only the National Cyber Security Centre and the nascent National Cyber Force, both already in existence. Under the heading "Responsible, democratic cyber power," the government promised to "use cyber capabilities to influence events in the real world," including more use of "offensive cyber" - and, eye-catchingly for the UK infosec sector, UK.gov plans to build "an advantage in critical cyber technologies."

Rob Robinson, client partner in utilities practice for Capgemini, talks with TechRepublic about what the catastrophic outages in Texas should teach us about predicting threats to the U.S. power grid.

I think what you're going to see is that in the normal band of operation, I think, not just in Texas, but around the country, there's a lot of scenario planning, there's a lot of analytics that are present and used up from real-time, what they call, state estimation and situational wellness to situational awareness all the way to 20-year modeling to keep this grid stable. I think it's going to be a combination of modeling, not just the power grid, but the gas grid, of that water infrastructure - there's a whole huge behavioral modeling frontier that's going to be opened up.

OPA has demonstrated widespread adoption, an open governance process, feature maturity, and a strong commitment to community, sustainability, and inclusivity to graduate. OPA is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.