The Qwiet blog

The Biden Administration released its National Cybersecurity Strategy last week. It aims to address the increasing threat of cyberattacks and protect America’s critical infrastructure, data, and networks. With cybersecurity becoming an ever more pressing issue, the strategy sets out a comprehensive approach that focuses on safeguarding government and private sector networks, reducing risk, and enhancing […]

As we embark on this new chapter in application security, it’s important to understand how AI and machine learning can provide greater understanding and insight into vulnerabilities than older methods of detection. In this article we will cover the following: The risk of using vulnerable dependencies (directly or transitively) Not all vulnerabilities pose risk. Why not? […]

Today is the day that all of us at ShiftLeft have been waiting for, the opportunity to share our value, vision and strategy to the world. The company has been reducing the noise that plagues the AppSec industry for some of the world’s largest companies through dramatic innovation like our code property graph and reachability […]

New Name, New Logo Shows Focus on “Preventing the Unpreventable” in the future of AppSec Disruptive startup led by cybersecurity AI pioneer Stuart McClure relaunches to reflect radical impact their platform is having on the world of AppSec and DevSecOps San Jose, CA. February 15, 2023—ShiftLeft, the first in the AppSec industry to provide AI-powered […]

AI Findings Qwiet AI has introduced a new finding category within the preZero application.  In addition to the standard fields at the top of the screen, a new category labeled “AI Findings” will now be visible. This is the first iteration of the AI/ML detection engine within the preZero platform, which will have a tremendous […]

Walk, Talk and Act like your internal customers: Product Engineering In my previous role at Nielsen, Clay Carter and Sam Neely did a phenomenal job of organizing the Product Security function into what closely resembles an engineering function. Product Managers oversaw services built internally and off the shelf. These services go through release planning, sprints […]

The Background Cybercriminals are currently exploiting a vulnerability in the popular server administration tool Control Web Panel (CWP). This vulnerability allows for a fairly trivial remote code execution (RCE), requiring no authentication. A recent Shodan search shows over 426,000 servers currently running CWP (down from around 435,000 servers a couple days ago) around the globe. […]

I have been fortunate enough to lead both engineering teams and security teams. I have felt the pain on both sides. On the engineering side, I felt the pressure of delivering for my product leaders and client services teams. On the Security side, I pressed hard to achieve acceptable risk levels and to remove vulnerabilities […]

CircleCI is currently investigating a security incident. We reached out to our customers using CircleCI as their development platform, but thought it important to share this information with the wider community. Their official announcement can be read here, but the key takeaways are: While CircleCI is sharing information on the key compromise, it’s important to […]