The Qwiet Blog

Shipping your software – and doing it on time – may be your first priority as a developer. However, as your company shifts security left, you need to build it into your processes while still meeting estimated timelines. Now you need to manage cross-functional communications and respond to seemingly competing priorities. You’re trying to debug […]

Shortcomings of static program analysis in practice Creating programs that analyze other programs is a fascinating idea in itself. It hurts me to say that static code analysis has a remarkably bad reputation among practitioners. If you have performed security assessments and used these tools, you may agree that pinpointing the concrete shortcomings of these […]

According to the 1980’s cartoon G.I. Joe, “knowing is half the battle.” Unfortunately, threat actors often have more information than their targets, which is why they’re so successful. For developers and AppSec teams, having information about threat actor tactics, techniques, and procedures (TTPs) helps even the digital battlefield.  Threat intelligence feeds provide data about malicious […]

The National Cybersecurity Strategy Implementation Plan plays a vital role in safeguarding the digital infrastructure of the nation. This comprehensive plan, outlined by the White House, is comprised of three pillars and sets forth a roadmap to enhance cybersecurity measures across various sectors.  Pillar Three of the implementation plan focuses on the need for developers […]

Software engineers’ ideal state includes being able to work with minimal disruption. This “flow state” is when they are most productive and have the best chance of delivering the products and features they are tasked with producing within the required timeline. Whenever something adversely impacts their flow state productivity, mental health, and overall effectiveness may […]

Our customers have repeatedly communicated a desire to deliver secure software without compromising software delivery timelines. At the same time, they have frequently reported that traditional software composition analysis (SCA) tools create an overwhelming number of open-source vulnerability tickets.   To quantify the problem, we ran an experiment with a cross-section of our customers. An analysis […]

There has been rapid digital transformation in the healthcare industry in recent years. While this has brought numerous benefits, it has also opened up new avenues for cyber threats and vulnerabilities. One such example is the Medtronic cardiac device security vulnerability, which has prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue an advisory […]

Artificial intelligence (AI) and machine learning (ML) have been in our daily lives for years. Simple examples of their pervasiveness include financial fraud detection, product search optimization, and ad targeting. In cybersecurity, we’ve been applying machine learning to endpoint detection for at least a decade. Other examples include k-means clustering in spam detection and intrusion […]

In the ever-evolving world of cybersecurity, staying informed about the latest threats and trends is crucial. To cater to the growing need for expert insights, we are thrilled to announce the launch of the new Hacking Exposed podcast. Hosted by renowned cybersecurity expert Stuart McClure, this podcast promises to be a treasure trove of knowledge […]