Zero Trust Tag

In the wake of out most recent round of cloud and cybersecurity research, I've been thinking about the slow evolution of application security and the evocative, if misleading, concept of "zero trust." Trust and Application Security, v. 1.0 I am (to my occasional astonishment) old enough to...

We spend a lot of time at Nemertes nailing down the metrics that define "success" for a particular initiative. To be useful, a success metric must be: Quantitative. If you can't measure it in numbers, it doesn't serve to measure progress. And if it's not something...

Shifting to a zero-trust model is imperative if your goal as a cybersecurity professional is to get away from the perimeter-based model. But: • What are the components of zero trust, and what does it take to implement them? • What should you do first, second, and...

Should you be worried about the Chinese Supermicro spy chip revelations? In a nutshell, yes. If you're among the organizations using Supermicro server boards: Run, do not walk, to your server rooms and examine the boards in minute detail. And regardless of what server hardware you use,...