and now we have Sonic Wall…..

So ZDNet just dropped the bomb that SonicWall was hacked using zero-days in its own products!!!!

https://www.zdnet.com/article/sonicwall-says-it-was-hacked-using-zero-days-in-its-own-products/?&web_view=true

 This again brings home the issues we are facing. We are forgetting the basics, #codereview, Pawn2own, #Redteaming exercises, employing #devsecops in the process…. Getting the #Ciso and their teams involved from concept through the entire #projectmanagement phase.

Going forward we will see a marked increase in #boardmembers asking for #riskmanagement to take a more active role in these processes as the #leadership will be held more accountable for the impact product security flaws will have on the #shareholder value proposition.