Vulnerability Management: Navigating the Deep Dark Pit of Version Numbers

One of the first things any security practitioner will tell you to do is keep your software up to date. It’s the number one way to protect against exploits targeting known vulnerabilities. In fact, most attacks these days don’t need new or novel attack methods, or even recently discovered vulnerabilities, to succeed. They often use vulnerabilities that are years old!

Now while it’s simple to say that everyone should just run the most recent versions of operating systems and packages, actually implementing this quickly becomes painful for a number of reasons.


DevOpsDays Chicago 2016: Dev, Ops, & the Role of Security

Last week I spent two great days at DevOpsDays Chicago. Usually, I attend conferences to listen to the talks, but in Chicago I was representing Threat Stack (one of the event’s Gold Sponsors), so my job was mostly listening to engineers discuss their organization’s security stance and requirements. I learned a lot from the conference — especially about the integration of Security into a DevOps world.
