SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.


The WikiLeaks CIA Dump Dominates AppSec News Coverage

WikiLeaks has dominated recent news since it released "Vault 7", a new series of leaks it claims came from the United States Central Intelligence Agency (CIA). WikiLeaks declared that Vault 7 "is the largest ever publication of confidential documents on the agency." Part of the series, titled "Year Zero", outlines the CIA's hacking program and discusses "zero day" exploits. The release is totally fascinating; you may want to set aside time to read it in depth.

In response to the WikiLeaks announcement, Contrast Security Co-founder and CTO Jeff Williams provided commentary for several news articles, including pieces in WIRED, eSecurity Planet, and CyberScoop. Below are excerpts from those articles, along with links to the full, in-depth articles.

IN THE NEWS....

WikiLeaks CIA Dump Gives Russian Hacking Deniers the Perfect Ammo

WIRED, by Issie Lapowsky and Lily Hay Newman
"Never accuse WikiLeaks of getting its timing wrong. Last fall, the group perfectly paced its steady drip of John Podesta’s emails to undermine Hillary Clinton’s 2016 campaign.

Now, as the capital thrums with chaos, it has unleashed a cloud of confusion that makes it hard for experts to discern the facts and easy for non-experts to see whatever they want..."

“I suspect many will be outraged by this development, and will assume that the CIA used these techniques broadly to surveil American citizens through their TVs, smartphones, computers, and other devices.”

Jeff Williams,
Contrast Security
Co-founder & CTO

Click here to read the full article, "WikiLeaks CIA Dump Gives Russian Hacking Deniers the Perfect Ammo" from WIRED. 



Also, in the news...

WikiLeaks Dumps CIA Hacking Docs

eSecurity Planet, Jeff Goldman
WikiLeaks yesterday released the first part of what it's calling "Vault 7," a series of leaks it claims are taken from the U.S. Central Intelligence Agency. In response, Contrast Security CTO Jeff Williams said the answer isn't to focus on "cyber arms control," which he said will never work. "We need a massive increased focus on writing secure code and defending against attacks," he said. "As a nation, we are simply incapable of reliably writing code that isn’t susceptible to these attacks," Williams continued. "But it’s not impossible. It’s not even that difficult. But we have to change the incentives in the software market, which currently don’t encourage writing secure code." 

Click here to read this full article >>


WikiLeaks dump reignites debate over feds hoarding zero days

CyberScoop, 3/8, Shaun Waterman  
The document dump by anti-secrecy group WikiLeaks that identifies alleged CIA hacking tools has reopened a vigorous debate about whether the U.S. government should secretly stockpile cyber-weapons. Critics say the publication of source code for the CIA cyber-weapons would be a cybersecurity disaster akin to the release of anthrax from a government laboratory — and are calling for a new policy… But Contrast Security CTO Jeff Williams disagreed. “The right path forward is not to focus on ‘cyber arms control,’ which will never work,” he told CyberScoop. “We need a massive increased focus on writing secure code,” he continued. Writing secure code is “not impossible. It’s not even that difficult. But we have to change the incentives in the software market, which currently don’t encourage writing secure code.”

Read the full CyberScoop post here >>

 

Christine Carrig, Director of Marketing

Christine’s wide breadth of marketing experience has been focused on driving revenue, building brand recognition, and creating demand-generation programs in technology organizations. For the past 11 years, her deep understanding of marketing principles, coupled with forward thinking, has been instrumental in transforming application security start-ups into successful, profitable companies.
