The 2021 Naughty and Nice Lists: Cybersecurity Edition

Editor’s note: We had planned to publish our Hacky Holidays blog series throughout December 2021 – but then Log4Shell happened, and we dropped everything to focus on this major vulnerability that impacted the entire cybersecurity community worldwide. Now that it’s 2022, we’re feeling in need of some holiday cheer, and we hope you’re still in the spirit of the season, too. Throughout January, we’ll be publishing Hacky Holidays content (with a few tweaks, of course) to give the new year a festive start. So, grab an eggnog latte, line up the carols on Spotify, and let’s pick up where we left off.

It's not just Santa who gets to have all the fun — we in the security community also love to make our lists and check them twice. That's why we asked some of our trusty cybersecurity go-to's who and what they'd place on their industry-specific naughty and nice lists, respectively, for 2021. Here's who the experts we talked to would like to give a super-stuffed stocking filled with tokens of gratitude — and who's getting a lump of coal.

The nice list

Call me boring, but I am pretty stoked about the Minimum Viable Security Product (MVSP), the vendor-neutral checklist for vetting third-party companies. It has questions like whether a vendor performs annual comprehensive penetration testing on systems, complies with local laws and regulations like GDPR, has implemented single sign-on, applies security patches on a frequent basis, maintains a list of sensitive data types that the application is expected to process, keeps an up-to-date data flow diagram indicating how sensitive data ..
