Demanding Security from your Vendors

How does any organization have a productive and meaningful security conversation? This guide offers a simple and meaningful security conversation guide. These conversations would help the organization determine the real security risk from their vendors.  This is an updated version of a set of questions Operators (and vendors) can use to have these meaningful conversations. 

How to prevent a “security embarrassment?”

On Oct 7, 2014, a security researcher, Jonathan Hall, posted details of a potential Bash/Shellshock vulnerability on Yahoo’s infrastructure: http://www.futuresouth.us/yahoo_hacked.html https://www.reddit.com/r/technology/comments/2ifbjb/yahoo_got_hacked_this_morning_hooray_for/ As it turned out, it was NOT a Bach/Shellshock issue. As Alex Stamos, Yahoo’s chief information security officer wrote, “it turns out that the servers were in fact not affected by Shellshock.” (see https://news.ycombinator.com/item?id=8418809). Read More