The Qwiet Blog

2023 Cybersecurity predictions covering shifts in hacker behavior, the role of AI in cybersecurity, and so much more from industry leading expert, Chetan Conikee, CTO and Co-founder of ShiftLeft.

Why does software security matter? From the rise of the internet to an entirely interconnected world The last 30 years have seen remarkable developments in computer technology and the emergence of the internet. It’s incredible to think about how much more connected and pervasive the internet has become since the turn of the century. Nowadays, […]

The Tech Trailblazer Awards has named ShiftLeft as one of the year’s best new companies. As the first independent global awards program dedicated to the enterprise technology startup ecosystem, the Tech Trailblazers Awards recognizes and rewards leading startups, innovations, and individuals from around the globe. Among the cohort of winners across 15 different categories and […]

The internet has been on fire since the launch of ChatGPT. This AI powered chatbot was released late November and people wasted no time in finding humorous, thought provoking, and potentially dangerous uses for it. At the core, any AI is only as good as the information and prompts you feed into it and this […]

In the age of digital transformation, every company has become a software company. And with software comes vulnerabilities and malicious attackers who will try to exploit them. These digital enterprises have been seeking a way to pre-empt, prevent, and defend themselves against these attacks–a way to shift security left. The concept and process of shifting […]

Spring unauthenticated RCE via classLoader manipulation A critical zero-day vulnerability in the Spring framework was recently reported to Spring’s maintainer, VMWare. The vulnerability is an unauthenticated remote code execution vulnerability that affects Spring MVC and Spring WebFlux applications. You can find the CVE here. What is affected? The Spring4Shell RCE vulnerability allows attackers to execute code […]

There are plenty of good and popular caching libraries on the JVM, including ehcache, guava, and many others. However, in some situations it’s worth exploring other options. Maybe you need better performance. Or you want to allow the cache to grow and fill up the entire heap, yet shrink automatically when your application needs more […]

It is impossible to manage security posture without considering two key factors in any potential vulnerability or security flaw: reachability and risk. The two factors are related. Reachability defines the degree to which a given security vulnerability that is detected, such as a CVE, can actually be attacked and exploited to gain privileged access and […]

How can one measure and mitigate the security risks in open source software? This is a crucial topic that is now becoming a major issue in the software development community. In this chapter, we will dive into the work we have done at Google, in collaboration with Open Source Security Foundation (OSSF) to make it […]