WoTT Security BlogMusings, thoughts, ideas, releases on security
open-sourceThe DevSecOps IcebergBy Viktor Petersson on November 29, 2019
Security is a complicated topic. There are countless attack vectors and threat models to take into consideration when designing a security strategy. Over the last year, we’ve spoken to companies of different sizes about their security strategies and practices. Based on these discussions, we’ve come up with something we call the DevSecOps... Continue reading
Introducing WoTT's GitHub IntegrationBy Viktor Petersson on November 27, 2019
There’s no doubt that GitHub has become one of the most popular platforms for developer collaboration and communication. Increasingly, GitHub is also used for project management across developer and Dev(Sec)Ops teams. Because of this, it is increasingly where the security fixes are being tracked too. For instance, GitHub recently announced their Security... Continue reading
New Space and the Future (as well as the past) of IoTBy Fiona McAllister on November 20, 2019
Introduction In a world full of buzzwords, you’ve probably already come across the term ‘New Space.’ But, what exactly is it and why should you as developers care about it? WoTT is a security company aimed at Linux distros to secure server to receiver connections in an easy, flexible way. So where... Continue reading
Security audit checklist for linux systemsBy Al Esmail on October 04, 2019
We so often hear from developers that they don’t need to worry about cyber security because they’re too small to be targeted or because they trust their service providers to take care of it for them. Sound like someone you know? Well, let’s start with a quick synopsis of recent cloud failures... Continue reading
IoT Encryption Failures and how to avoid themBy Nikoletta Triantafyllopoulou on August 28, 2019
IoT encryption failures and how to avoid them Introduction The stories of misconfigured security systems leading to leaks of client data are common. Take for example the Equifax data breach back in 2017. The vulnerability was detected with a great delay due to expired certificates. According to Venafi The device inspecting encrypted... Continue reading
The Future of IoTBy Nikoletta Triantafyllopoulou on August 16, 2019
The Future of IoT Introduction The Future of IoT is both fascinating and challenging. As the number of connected devices is expected to triple by 2025, there are many significant questions and issues rising. Such as what does this mean for the Industry? What implications does this create? To start with, security... Continue reading
IoT Security Issues and ChallengesBy Nikoletta Triantafyllopoulou on August 12, 2019
IoT Security Issues and Challenges IoT Security issues are quite a challenge for this burgeoning industry. There is a growing number of devices, applications and systems which turn to IoT. This helps them to upscale their efficiency and their services and to make life easier for users. So let us take a... Continue reading
Why open source solutions are critical for IoTBy Al Esmail on June 25, 2019
TL;DR IoT needs one ring to rule them all and it’s not a platform. In my last post, I described the relevance of open source security. For very different reasons, I will argue here that the internet of things (and cyber-physical systems in general) are in desperate need of open source software... Continue reading
Why open source is critical for InfoSecBy Al Esmail on June 24, 2019
TL;DR Proprietary security is a fresh cow pie hiding in the tall grass. Figure 1 - How I imagine decision fatigued CTOs see the world when speaking to proprietary security vendors. Can you spot the cow pie? In a previous post, I advocated for the merits of DevSecOps and shift left security.... Continue reading
Why shift-left security is relevant for IoTBy Al Esmail on June 23, 2019
TL;DR Cyber is best handled by developers with big, bulging…brains. Figure 1 - Cyber is sexier than a Harvard trained, Academy Award winning actress. In our first blog post, I articulated that we are strong proponents of shift-left security. The idea that security should be incorporated as early as possible during application... Continue reading