Open Security News Overview

Cyber security is a key quality aspect that can not be integrated later in a product. You can not create a better security architecture when your product is finished. Security is a core product quality aspect that can not be added later. Security should be seen as a foundation quality aspect that is developed in…

Security relies on understanding the present and past vulnerabilities within your hardware and software stack. Responsible software and hardware companies publish detailed information about known vulnerabilities. However, remember that the number of reported vulnerabilities for a product does never ever reflect its quality. In fact, a lack of openly published vulnerabilities should raise suspicion, as…

Security is complicated. This is why open development is a key factor and a precondition for creating secure solutions. Security is getting more important every day. Also due to the development of machine learning applications many data driven solutions are poisoned with privacy related data. Transparency and openness increase security protection levels. A good security…

We all deserve protection from abusive data practices like mass surveillance, browser tracking, demographic profiling, and data discrimination. Protecting privacy means preserving your and our digital autonomy, our freedom, and core democratic values. Technology will continue to enrich our lives and enable new possibilities for the future. There should be no tension between digital innovations…

Cyber solutions can be often simpler and far more effective. Most cyber security solutions are not future-proof and not maintainable in the long term. Most cyber security improvements programs end with more paperwork, more new fancy software tools without increased security resilience.

Good cyber security is and will be hard work. Almost every security professional uses the CVE system. But be cautious: The CVE system is broken and the database of existing CVEs is full of questionable content and plenty of downright lies. Cyber solutions can be often simpler and the best solution is rethinking if the…

Machine Learning (AI) is one of the most powerful technologies of our time. But machine learning is a complex technology that brings a lot of new cyber security and privacy risks. Cyber security is a field where commercial vendors of security solutions proclaim breakthrough innovations every week. But don’t fall for it: there is no…

Reducing cyber security risks is complex. The most simple solutions are the best. Finding simple IT solutions is hard. We need to stop reinventing the wheel. Creating software that meets trivial security and privacy design rules has proven to be very difficult. So improve existing solutions instead of creating new solutions that will fail again.…

Security by design is not a product. Nor a simple straight through process. Security by design can be viewed as a core philosophy to do the right things from a cyber security perspective in every action performed when developing and producing a new product. Too many organisations are depending on vulnerable vendor solutions for security…

Good cyber security is still a cost factor for companies. For too long we refuse to create simple systems for simple problems that can be easily adjusted and are resilient for common cyber security threads. We, security experts, are trained and brainwashed by commercial vendors to advocate for complex, expensive cyber security solutions that are costly…

Automation has changed our lives. Computers and all kinds of software enabled devices make our daily lives easier. Every year computer devices get more powerful, less expensive but also get more vulnerable to cyber security risks. Too often cyber security breaches have a severe impact on our safety and privacy. But most cyber security accidents…