Jason Chavarría
Why measure cybersecurity risk with our CVSSF metric?
We present some of the flaws of the traditional measure of cybersecurity risk and introduce CVSSF, the risk-exposure-based metric with which we overcome them.
Jason Chavarría
A lesson of this global IT crash is to shift left
A defect in a CrowdStrike sensor update made 8.5M devices crash. We think this event shows the importance of testing security from early stages of development.
Jason Chavarría
Transparency for fewer supply chain attacks
It should be easy to learn how committed the most used OSS libraries are to security. And we should practice the transparency we ask for ourselves.
Jason Chavarría
Develop bank applications that resist DDoS attacks
Banks are getting most of the DDoS attacks among financial services firms, which are being targeted more than before. Learn to secure your app from this threat.
Jason Chavarría
If the essential security layer is flawed, you're toast
You must not stop remediating vulnerabilities in your mobile apps just because you fully trust technologies such as RASP or anti-reverse engineering solutions.
Jason Chavarría
Our pick of the hardest challenges for ethical hackers
We share what to us are the 10 most challenging ethical hacking certifications, so that you can choose your next one and even trace a path to help your career.
Jason Chavarría
Understanding 51 new PCI DSS requirements made easy
PCI DSS v4.0 brings 51 new requirements that are best practices until March 2025. We share a classification that may help take it all in.
Jason Chavarría
Comply with the new requirements due for March 2024
Companies that store, handle or transfer account data must comply with PCI DSS v4.0 from March 31. We summarize its 13 new requirements to be met on that date.
Jason Chavarría
Six main items in an AI policy for software development
Your company should have a policy about generative AI usage for software development. Read our suggestions on the most important items to include.