Curated Daily News for March 4, 2021

Curated Daily News CoaC CISO


Estimated Reading Time: < 1 minute

Curated daily news for March 4, 2021


Today’s articles include: Two critical reads on the Microsoft Exchange Zero-days, Qualys breached via Accellion, Malicious packages ‘Code Bomb’ major sites, Is cyber-insurance worth it?, and the difference between a SOC 2 and ISO27001.

Today’s two critical reads:


Tool Of The Day
Threatspec – Continuous Threat Modeling, Through Code: Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process. This is achieved by having developers and security engineers write threat modeling annotations as comments inside source code, then dynamically generating reports and data-flow diagrams from the code. This allows engineers to capture the security context of the code they write, as they write it. In a world of everything-as-code, this can include infrastructure-as-code, CI/CD pipelines, and serverless etc. in addition to traditional application code.

Copyright © 2002-2021 John Masserini. All rights reserved.


Leave a Reply

Your email address will not be published. Required fields are marked *