Security done right: Celebrating infosec wins in 2021
Kudos to Tonga’s ccTLD, the US Supreme Court, and others…

Security done right in 2021

Infosec headlines are typically dominated by data breaches, cyber-attacks, vulnerabilities, and other threats or incidents where human error often has a part to play.

The Daily Swig has decided to redress the balance by spotlighting some positive news stories highlighting commendable actions by cybersecurity professionals and organizations, developers and open source maintainers, and even journalists and judges.

(We haven’t included any ground-breaking security research that came out during 2021 – we’ll leave that to PortSwigger researcher James Kettle’s forthcoming annual roundup of top web hacking techniques, a follow-up to the 2020 roundup.)

First website dedicated to revealing vulnerabilities in malware

The year kicked off with the launch of a pioneering database that indexes exploit code for security flaws in malware.

Founder John Page told The Daily Swig that the repository might be “useful for incident response teams to eradicate a malware without touching the machine”, and “may eventually pit a malware vs. malware situation, who knows.”

In a related effort to arm defenders, Abuse.ch unveiled a platform in March for sharing and requesting indicators of compromise (IoCs) associated with various malware strains.

SolarWinds blows away US government cybersecurity complacency

The SolarWinds supply-chain attack that hit federal agencies and blue-chip companies alike at the end of 2020 served as a wake-up call for the White House.

An Executive Order on improving the nation’s cybersecurity, signed by President Biden in May, set the tone for a busy year on the cybersecurity front.

There followed new rules on reporting ransomware payments and securing critical transport infrastructure; an overhaul of federal government software procurement practices; a series of 60-day ‘sprints’ aimed at building cyber resilience; a directive requiring US federal agencies to rapidly patch hundreds of known, exploited flaws tracked in CISA’s Known Exploited Vulnerabilities catalog; a ‘Hack the DHS’ bug bounty program; and a first-ever vulnerability disclosure program for federal civilian agencies.

“The administration is making good steps insofar as bringing it to light, starting initiatives,…
