Code Security and the Executive Order on Cybersecurity. What you need to know.

The last twelve months have shown just how high the stakes are to secure our nation’s cybersecurity infrastructure. Colonial Pipeline, SolarWinds and Microsoft Exchange are just some of the most dangerous hacks with far-reaching consequences. Earlier this month, the White House signed an Executive Order charting a new course for our nation’s cybersecurity infrastructure. In […]

How (and why) to rid software of insensitive language.

Words Matter. “Words used carelessly, as if they did not matter in any serious way, often allowed otherwise well-guarded truths to seep through.” ― Douglas Adams. “But if thought corrupts language, language can also corrupt thought.” ― George Orwell. Bonus points for knowing the books these quotes come from. I’ve been in the software industry […]

Meet us at RSA, Win a Peloton

The world talks security at RSA, and this year, it’s completely virtual. BluBracket is exhibiting in the Early Stage Expo. For those who sign up here and/or meet with us at our booth, you’ll be entered to win a Peloton. This is an amazing way to get fit with very good odds of winning. If […]

Secure Your Software Supply Chain in 4 Easy Steps

The now infamous SolarWinds hack is the largest cybersecurity attack in history, leaving hundreds of millions at risk, and unfortunately there are signs that the wave of copycat crimes is already underway. The culprits perpetrating these breaches attack what is now widely acknowledged as the most vulnerable and least protected cybersecurity attack surface within enterprises: […]

Sign Your Commits. Please.

Why Code Signing is Critical for Software Security. Not that long ago, I worked for a company that didn’t have a DevSecOps team. The company didn’t even really have a DevOps team. Like many small, fledgling companies, most of our DevOps was handled by backend developers, and they did a pretty decent job. Obviously their […]

Software Supply Chain: Preventing Breaches Early

Secrets in code are one of the most common attack vectors today. The SolarWinds attack is probably the most recent and egregious example, but for every SolarWinds incident there are dozens, if not hundreds, of similar breaches every day that go unreported. Having a breach of any kind is, of course, a serious matter. Even […]

SolarWinds: Intern leaked passwords on GitHub

Last week, SolarWinds’ CEO testified in front of Congress on the hack that is largely considered the most damaging in US history. Representatives chastised the company over how the now infamous password “solarwinds123” was used for a file server. Even more damaging, that password was found in publicly available repos on GitHub. From CNN: “Confronted […]

Finding Secrets in Code the DevSecOps way

Secrets in code have become a massive security challenge for two main reasons. Code-driven automation is ubiquitous, and passwords and credentials are quite often accidentally, and sometimes intentionally, checked into code. SaaS and IaaS have led to a proliferation of tokens used to invoke other services. These tokens, especially in publicly visible code, are a huge […]