Cloud computing and modern service models of software or infrastructure distribution present a problem to providers and customers alike–namely, how to properly assess and certify components in a way that considers the relationship between different modules, platforms, and apps. FedRAMP requirements define how assessors and Authorization approach different cloud offering service models to mitigate the issues related to this complexity and ensure the security of any given cloud offering used by federal agencies.

Read More

When we talk about scans, tests, and authorization in the context of StateRAMP assessment, we tend to think that the process (and all its moving parts) are relatively stable and predictable. And, for the most part, this thinking is correct. However, it’s normal, and in some ways expected, to run into issues where scans and tests return problems that can halt a StateRAMP authorization process–even if there isn’t a clear and unmitigated system failure. These instances fall under the category of a vulnerability deviation, and cloud service providers have a path toward working around these issues and gaining their StateRAMP ATO.

Read More

Plagiarism isn’t new, and the proliferation of shady websites and questionable decisions from search engine giant Google has led to sinister and sometimes silly evolutions in what fraudsters can do with the theft of someone’s intellectual property.

According to Plagiarism Daily, we’re seeing a new outgrowth of plagiarism creep up on us. Gone are the days of spam sites stuffed with keywords and ungrammatical sentences. They’ve been replaced with more advanced (but still awful and questionably innovative) AI and web scraping techniques. Every day, business owners and content creators find their online IP stolen and used for the benefit of some scummy organization that, if they are lucky, can be stopped before they steal their money and reputation outright.

Unfortunately, we learned the lessons of plagiarism the hard way when we discovered that another company had lifted our content and business IP. While that’s a major nuisance for us as a company, it also implies some serious issues that could be coming to the security industry if we aren’t careful.

Read More