Platform
Contrast Secure Code Platform

Contrast Scan (SAST)

Contrast Assess (IAST)

Contrast Protect (RASP)

Contrast Software Composition Analysis (SCA)
Developer Central

Log4j Response

Pricing

How We Compare

Languages

Integrations
Solutions
BY USE CASE

Why IAST?

DevSecOps

Automated Penetration Testing

AppSec Monitoring

API Security

Software Supply Chain Security

Runtime Protection

Software Bills of Materials (SBOMs)

GitHub CI/CD

Compliance Testing

Services

BY DEPARTMENT

Dev and DevOps Teams

Security

DevSecOps

CISO

BY INDUSTRY

Government

Financial Services

Healthcare

Others
Partner
Technology Partners

Systems Integrators

Ecosystem Integrations

Managed Security Services Providers

Channel Partners Overview

Cloud Partners

GitHub
Partner Program Overview

Become a Partner

Find a Partner

Visit Partner Portal
GITHUB ACTIONS BLOG SERIES, PART 1: PIPELINE NATIVE CODE ANALYSIS

Read the Blog
Customers
Company
About Us

Leadership Team

Culture & Careers

Women of Contrast

Contact Us
Blog

Events & Webinars

Newsroom

Podcast

Awards
Contrast Security recognized as a Visionary by Gartner in Application Security Testing.

Learn More
Resources
Contrast for Developers

Contrast Secure Code Learn Hub

Contrast Community

Resource Center

OWASP Top 10

Accountability & Transparency

SBOMs

ContrastLive

Support

Services

Trust Center

Documentation

Product Release Notes

Blog

Podcast

Events

Glossary
Contrast Incident Response Hub

Spring4Shell Vulnerability

Log4j Vulnerability

Weekly CISO Update

Trust Center
Developers

The WikiLeaks CIA Dump Dominates AppSec News Coverage

By Christine Carrig, Director of Marketing

March 21, 2017

WikiLeaks has been dominating recent news when it released "Vault 7", a new series of leaks it claims came from the United States Central Intelligence Agency (CIA). WikiLeaks declared that Vault 7 "is the largest ever publication of confidential documents on the agency." Part of the series, titled "Year Zero" outlines the CIA's hacking program, and discusses "zero day" exploits. The release is totally fascinating; you may want to set aside time to read it in depth.

In response to the WikiLeaks announcement Contrast Security Co-founder and CTO, Jeff Williams, provided commentary to several news articles, including WIRED, eSecurity Planet, and CyberScoop. Below are excerpts from those articles, along with links to the full, in-depth article.

IN THE NEWS....

WikiLeaks CIA Dump Gives Russian Hacking Deniers the Perfect Ammo

WIRED, by Issie Lapowsky and Lily Hay Newman
"Never accuse WikiLeaks of getting its timing wrong. Last fall, the group perfectly paced its steady drip of John Podesta’s emails to undermine Hillary Clinton’s 2016 campaign.

Now, as the capital thrums with chaos, it has unleashed a cloud of confusion that makes it hard for experts to discern the facts and easy for non-experts to see whatever they want..."

“I suspect many will be outraged by this development, and will assume that the CIA used these techniques broadly to surveil American citizens through their TVs, smartphones, computers, and other devices.”

Jeff Williams,
Contrast Security
Co-founder & CTO

Click here to read the full article, "WikiLeaks CIA Dump Gives Russian Hacking Deniers the Perfect Ammo" from WIRED.

Also, in the news...

WikiLeaks Dumps CIA Hacking Docs

eSecurity Planet, Jeff Goldman
WikiLeaks yesterday released the first part of what it's calling "Vault 7," a series of leaks it claims are taken from the U.S. Central Intelligence Agency. In response, Contrast Security CTO Jeff Williams said the answer isn't to focus on "cyber arms control," which he said will never work. "We need a massive increased focus on writing secure code and defending against attacks," he said. "As a nation, we are simply incapable of reliably writing code that isn’t susceptible to these attacks," Williams continued. "But it’s not impossible. It’s not even that difficult. But we have to change the incentives in the software market, which currently don’t encourage writing secure code."

Click here to read this full article >>

WikiLeaks dump reignites debate over feds hoarding zero days

CyberScoop, 3/8, Shaun Waterman
The document dump by anti-secrecy group WikiLeaks that identifies alleged CIA hacking tools has reopened a vigorous debate about whether the U.S. government should secretly stockpile cyber-weapons. Critics say the publication of source code for the CIA cyber-weapons would be a cybersecurity disaster akin to the release of anthrax from a government laboratory — and are calling for a new policy… But Contrast Security CTO Jeff Williams disagreed. “The right path forward is not to focus on ‘cyber arms control,’ which will never work,” he told CyberScoop. “We need a massive increased focus on writing secure code,” he continued. Writing secure code is “not impossible. It’s not even that difficult. But we have to change the incentives in the software market, which currently don’t encourage writing secure code.”

Read the full CyberScoop post here >>

Hacked Contrast News

Christine Carrig, Director of Marketing

Christine’s wide breadth of marketing experience has been focused on driving revenue, building brand recognition, and creating demand-generation programs in technology organizations. For the past 11 years, her deep understanding of marketing principles, coupled with forward thinking, has been instrumental in transforming application security start-ups into successful, profitable companies.

Crash Testing your Connected Stuff — Before you Get Hacked!

7 Things to Ask Yourself About Software Security

BY USE CASE

BY DEPARTMENT

BY INDUSTRY

GITHUB ACTIONS BLOG SERIES, PART 1: PIPELINE NATIVE CODE ANALYSIS

Contrast Security recognized as a Visionary by Gartner in Application Security Testing.

Contrast Incident Response Hub