Security News

Budgetary, policy, workforce issues influencing DOD and intelligence community IT priorities
2020-01-15 05:00

Information Technology spending by Department of Defense and Intelligence Community agencies will continue to grow as they work to keep pace with the evolution of both the threat landscape and technology development, according to Deltek. IT solutions such as cloud computing, modern data management, big data, cybersecurity and artificial intelligence are in high demand by intelligence agencies with increasingly complex national security missions.

Google’s Project Zero highlights patch quality with policy tweak
2020-01-09 11:26

Google's Project Zero bug-hunting team has tweaked its 90-day responsible disclosure policy to help improve the quality and adoption of vendor patches. The vendor then has 90 days to fix the bug before Project Zero lifts the veil.

Why outsourcing your DPO role is an effective insurance policy
2020-01-09 07:00

DPOs play a pivotal role in an organization's data management health and are required to report directly to the highest level of management. Some tasks that fall under the DPO role include advising on issues around data protection impact assessments, training, overseeing the accuracy of data mapping and responding to data subject access requests.

Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy
2020-01-08 20:10

The more notable part of the announcement is Project Zero's decision to wait to disclose bug details until 90 days elapses, even if a patch becomes available before then. "For the last five years, the team has used its vulnerability disclosure policy to focus on one primary goal: Faster patch development," explained Willis, in a posting on Tuesday on the policy changes.

Google Project Zero Updates Vulnerability Disclosure Policy
2020-01-08 18:27

Google's Project Zero has updated its vulnerability disclosure policy to keep bug reports closed for 90 days, regardless of whether a patch is out before the deadline or not. The goal of this new policy, Google Project Zero's Tim Willis notes, goes beyond just attempting to speed up patching: thorough patch development and improved patch adoption are also a focus.

Only 54% of security pros have a written policy on length and randomness for keys for machine identities
2019-12-27 06:45

People rely on usernames and passwords to identify themselves to machines so they can gain access to data and services. Machines also need to authenticate themselves to each other so they can...

Facebook’s location tracking policy still worries US Senators
2019-12-20 11:37

Does Facebook continue to track the locations of its users even when they’ve told it not to? Yes!

Becoming a Tech Policy Activist
2019-12-04 12:04

Carolyn McCarthy gave an excellent TEDx talk about becoming a tech policy activist. It's a powerful call for public-interest technologists....

US tightens rules on drone use in policy update
2019-11-29 11:22

When it comes to managing drones (Unmanned Aircraft Systems, or UAS) the US Department of Justice wants Americans to know it’s on the case.

DHS Mandates Federal Agencies to Run Vulnerability Disclosure Policy
2019-11-27 21:34

The DHS is requiring all federal agencies to develop a vulnerability disclosure policy. The goal is that people who discover vulnerabilities in government systems have a mechanism for reporting...