What makes a good CSO? In the wake of the Equifax breach, we talk about the controversy over that company’s CSO’s music degree. Also: we talk with Signal Sciences about why companies keep getting hacked via application vulnerabilities like the Apache Struts hole that felled Equifax.
Equifax’s AppSec Problem
Also: we go deep on the “how” of the Equifax hack, speaking with two experts on web application security: Signal Sciences CEO Andrew Peterson and its VP of Marketing and Strategy Tyler Shields. They tell us that incidents like the Equifax hack are evidence that companies are underinvesting in application security. That’s true even when it’s clear that hackers are using application vulnerabilities as a path to sensitive corporate data.
“We’re dangerously behind in how we’re funding the web application security space,” Peterson told us. A big reason for that: continued spending on legacy security investments in network hardware.
Finally, Mike Pittenger of the open source software management firm Black Duck Software joins us to talk about the difficulty software companies have tracking and monitoring the open source software within their environments. Mike says that more eyes than ever are poring over open source software, and that security holes like the one hackers exploited in Apache Struts are being discovered every day. Most of those discoveries belong to “white hat” security researchers, not cyber criminals.
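The tracking problem Pittenger describes starts with a basic inventory: which open source components does a build actually declare, at which versions, and do any of them fall inside a published advisory's affected range? The following is an added example written for this page, not code from Black Duck Software, Signal Sciences, or Security Ledger. It parses a constructed Maven `pom.xml` fragment, compares each declared version against a constructed advisory list (the advisory id, coordinate, and version range are placeholders, not a real CVE), and separately reports dependencies whose version is a `${...}` property placeholder, since unresolved versions are one common reason inventories come up short.

```python
"""Added example: inventory declared Maven dependencies and flag any that fall
inside a constructed advisory's affected version range. Not vendor code."""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed pom.xml fragment standing in for a project's build manifest.
# Versions and artifact names are sample values, not a real project's.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-core</artifactId>
      <version>2.3.5</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>safe-lib</artifactId>
      <version>1.4.0</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>commons-thing</artifactId>
      <version>${commons.version}</version>
    </dependency>
  </dependencies>
</project>
"""

NS = {"m": "http://maven.apache.org/POM/4.0.0"}


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # placeholder id, not a real CVE
    coordinate: str    # "groupId:artifactId"
    introduced: str    # first affected version (inclusive)
    fixed: str         # first fixed version (exclusive)


# Constructed advisory list; the range is illustrative, not a real advisory.
ADVISORIES = [
    Advisory("EXAMPLE-ADV-0001", "org.apache.struts:struts2-core", "2.0.0", "2.4.0"),
]


def parse_version(version, width):
    """Turn '2.3.5' into (2, 3, 5), padding with zeros so tuples compare sanely."""
    nums = []
    for part in version.split("."):
        match = re.match(r"\d+", part)
        nums.append(int(match.group()) if match else 0)
    nums += [0] * (width - len(nums))
    return tuple(nums)


def version_in_range(version, introduced, fixed):
    """True when introduced <= version < fixed under numeric dotted comparison."""
    width = max(len(v.split(".")) for v in (version, introduced, fixed))
    v, lo, hi = (parse_version(x, width) for x in (version, introduced, fixed))
    return lo <= v < hi


def parse_dependencies(pom_text):
    """Return [(coordinate, version_or_None)] for every <dependency> in the POM."""
    root = ET.fromstring(pom_text)
    deps = []
    for dep in root.findall(".//m:dependency", NS):
        group = dep.findtext("m:groupId", namespaces=NS)
        artifact = dep.findtext("m:artifactId", namespaces=NS)
        version = dep.findtext("m:version", namespaces=NS)
        deps.append((f"{group}:{artifact}", version))
    return deps


def find_vulnerable(pom_text, advisories):
    """Return (hits, unresolved): hits match an advisory range; unresolved are
    dependencies whose version is missing or a ${property} we cannot compare."""
    hits, unresolved = [], []
    for coord, version in parse_dependencies(pom_text):
        if version is None or "${" in version:
            unresolved.append(coord)
            continue
        for adv in advisories:
            if adv.coordinate == coord and version_in_range(version, adv.introduced, adv.fixed):
                hits.append({"coordinate": coord, "version": version,
                             "advisory_id": adv.advisory_id})
    return hits, unresolved


if __name__ == "__main__":
    found, unknown = find_vulnerable(SAMPLE_POM, ADVISORIES)
    for hit in found:
        print(f"AFFECTED {hit['coordinate']}@{hit['version']} -> {hit['advisory_id']}")
    for coord in unknown:
        print(f"UNRESOLVED {coord}: version comes from a property or parent POM")
```

The unresolved list is the part worth keeping in a real pipeline: a version inherited from a parent POM or a property is exactly the component that a manifest-only scan silently skips, so a tool that reports nothing for it is hiding a gap rather than clearing it.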
Check out our full conversation in our latest Security Ledger podcast below or over at Soundcloud. You can also listen to it on iTunes. As always, if you like our intro music, give some love to the group JoeLess Shoe, who recorded “Baxton,” the song we use in just about every podcast.