AIOTI, ISO/IEC JTC1, ETSI, oneM2M and W3C Collaborate on Two Joint White Papers on Semantic Interoperability Targeting Developers and Standardization Engineers

Cross-organization expert group works together on accelerating adoption of semantic technologies in IoT.

AIOTI today announced its collaborative role in the publication of two joint white papers on semantic interoperability entitled Semantic IoT Solutions - A Developer Perspective and Towards semantic interoperability standards based on ontologies in conjunction with organizations closely tied to the advancement of the IoT ecosystem.

Read More...

First ETSI C-V2X interoperability event tests ETSI ITS and 3GPP standards

Registration now open!

Sophia Antipolis, 8 November 2019

ETSI, with experts from its Center for Testing and Interoperability, in partnership with the 5GAA, is organizing the first C‑V2X Plugtests^TM event.

Hosted by DEKRA in its Connected Vehicle Test Development Centre in Malaga from 2-6 December 2019, the event will enable vendors to run interoperability test sessions to assess the level of interoperability of their implementations and validate their understanding of the standards. Interoperability testing checks that devices built to the same standards can work together and provide the functionalities specified in the standards.

Read More...

First ETSI C-V2X interoperability event: success rate of 95% achieved

Sophia Antipolis, 11 December 2019

The first ETSI C-V2X Plugtests^TM, performed in partnership with 5GAA, came to a close with a success rate of 95% of the executed tests, showing an extremely positive level of multi-vendor interoperability. 320 test scenarios were executed in lab and field environments for interoperability with 70 people present onsite for testing.

Read More...

ETSI Open Source MANO unveils Release SEVEN, enables more than 20,000 cloud-native applications for NFV environments

Sophia Antipolis, 12 December 2019

Today, the ETSI Open Source MANO group is pleased to unveil its latest release, OSM Release SEVEN. This release brings cloud-native applications to NFV deployments, enabling OSM to on-board over 20,000 pre-existing production-ready Kubernetes applications, with no need of any translation or repackaging. OSM release SEVEN allows you to combine within the same Network Service the flexibility of cloud-native applications with the predictability of traditional virtual and physical network functions (VNFs and PNFs) and all the required advanced networking required to build complex end to end telecom services.

Read More...

ETSI launches new group on 5th generation Fixed Network shifting the paradigm from Fibre to the Home to Fiber to Everything Everywhere

Sophia Antipolis, 26 February 2020

ETSI announces today the launch of a new group dedicated to specifying the fifth generation of Fixed Network (ETSI ISG F5G). In a launch via an online press and industry briefing yesterday, various speakers expressed their view on the need for standardization in this area.

Read More...

Second ETSI C-V2X interoperability test event, remote, to connect vehicles in Europe and in the rest of the world

Register now for this remote event!

Sophia Antipolis, 5 May 2020

ETSI, in partnership with the 5GAA, is organizing the second “Cellular-Vehicle-to-Everything” (C-V2X) Plugtests^TM event. It will be held remotely, from 20 to 31 July 2020. ETSI has recently setup a remote lab for all participants, it leverages the ETSI Hub for Interoperability and Validation (HIVE) to interconnect participants’ labs and allow for multi-party interoperability testing.

Read More...

New ETSI group to develop standardization framework for secure smartphone-based proximity tracing systems, helping to break COVID-19 transmission chains

Sophia Antipolis, 12 May 2020

In response to the global coronavirus pandemic, the new ETSI Industry Specification Group “Europe for Privacy-Preserving Pandemic Protection” (ISG E4P) has been established to provide a standardization framework that will enable developers to build interoperable mobile apps for proximity detection and anonymous identification.

Read More...

New ETSI white paper: Harmonizing standards for edge computing, a synergized architecture leveraging ETSI ISG MEC and 3GPP specifications

Sophia Antipolis, 27 July 2020

Members and officials of the ETSI Multi-access Edge Computing group and the 3GPP SA WG6 have just published a new white paper which aims to harmonize standards for edge computing. The white paper highlights the role of standards for edge when edge computing is deployed in conjunction with mobile networks. It also reviews the leading efforts in the industry and introduces a synergized architecture which leverages the ETSI ISG MEC and 3GPP specifications. This paper highlights the value proposition of different standards streams and how those standards may be combined when it comes to deployments. Some deployment options are discussed.

Read More...

ETSI C-V2X Plugtest achieves interoperability success rate of 94%

Sophia Antipolis, 18 August 2020

ETSI has just released the report of its 2nd C-V2X Plugtests event organized remotely in partnership with the 5GAA the last week of July. The 81 remote participants benefited from ETSI’s remote lab to run their sessions in their own labs. Observers from different organizations witnessed the execution of 288 test sessions based on the ETSI test specification ETSI TS 103 600, and interoperability results were reported in the Test reporting tool. An overall interoperability success rate of 94% was achieved.

Read More...

ETSI Fifth Generation Fixed Network White Paper paves the way for Fibre to Everywhere and Everything

Sophia Antipolis, 30 September 2020

The ETSI ISG F5G (Fifth Generation Fixed Network) has released a White Paper that sets the scene for the evolution of on-premise, fixed access, and aggregation networks. In this White Paper, ETSI presents the vision, value, use cases, features, and technologies of F5G, aiming to foster a global effort to realize its full potential.

Read More...

ETSI Mission Critical Plugtests event achieves a 95% interoperability success rate

Sophia Antipolis, 2 November 2020

ETSI is pleased to announce it has now released the Report of its fifth MCX Plugtests^TM remote event that took place from 21 September to 2 October 2020. Results of the testing sessions outline an interoperability rate of 95%, giving industry a reliable set of standards for successful implementations.

Highlights of this event included initial railway-oriented capabilities in 3GPP Release-15, such as functional aliases, multi-talker, helping Future Railway Mobile Communication System (FRMCS) move forward. 173 delegates from all over the world executed around 1350 test cases in 169 test sessions, interoperability results were reported in the ETSI Test reporting tool. Around fifty new test cases were developed for this event and will be added to ETSI TS 103 564.

Read More...

Developers at MEC Hackathon challenged to trial edge computing for 5G at the Droidcon virtual event

Sophia Antipolis, 10 December 2020

The successful last edition of MEC Hackathons endorsed by ETSI took place on 25 to 26 November and was hosted by Droidcon Italy 2020 as a fully virtual event. The competition was open for developers to test their applications with ETSI MEC APIs (Application Programming Interfaces) in a variety of use cases. The organizing committee received a total of 14 submissions, including several topics, from Augmented Reality for Construction Sector, to consumer, media and entertainment application, to automotive services. Admitted teams were offered remote access to MEC servers and software platforms to develop mobile applications for advanced services in MEC-enabled 5G networks, using ETSI MEC technologies. They were also required to onboard their applications in real-life MEC systems and connect with the MEC APIs to receive simulated in-network data.

Read More...

ETSI announces MEC Sandbox for edge app developers

Sophia Antipolis, 6 January 2021

ETSI announces the launch of ETSI MEC Sandbox, available at https://try-mec.etsi.org/. The Sandbox is designed to allow application developers to experience and interact with an implementation of ETSI MEC APIs and test out their applications.  

Read More...

ETSI NFV and MEC API 2021 testing event Report now available

Sophia Antipolis, 16 April 2021

The ETSI NFV&MEC API Plugtests™ 2021 event, which ran remotely during the whole month of February, allowed participants to self-evaluate the conformance of their API server implementations with network function virtualization and multi-access edge computing API specifications. The event allowed also to validate and gather feedback on ETSI NFV and MEC API and Conformance Testing Specifications, and associated Robot test suites. The full Report, including results, findings and lessons learnt is now available HERE.

Read More...

ETSI announces first interoperability event for future railway communication

Sophia Antipolis, 19 April 2021

ETSI has announced that its Future Railway Mobile Communication System (FRMCS) Plugtests™ event will take place from 14 to 18 June 2021. Over 20 vendors and more than 80 participants will participate.

Read More...

ETSI's Director-General speaks of the future of railway mobile communication systems at COIT event

Sophia Antipolis, 28 June 2021

On 23 June, as part of the commemoration of the European Year of Rail, the COIT Smart Railways Working Group conducted an online session to publicise the features and advantages of the FRMCS (Future Railway Mobile Communication System). This system will replace the current GSM-R and technologically mark the next decades of a means of transport that is living its best moment.

Read More...

ETSI launches new White Paper titled Fibre Development Index: Driving Towards an F5G Gigabit Society

Sophia Antipolis, 19 August 2021

Fibre and fibre-based optical networks are the key technical enablers of our society's twin transitions (green and digital), providing sustainable and cost-effective communication with high bandwidth, stability, reliability, and improved latency. In addition, the fibre evolution enables sustainable economic growth through advanced services and applications for users, businesses, and industries.

The new ETSI White Paper explains the methodology used to define a fibre development index, provides migration path recommendations to countries with different fibre development, and highlights the importance of setting policies to underpin that twin (green and digital) transformation.

Read More...

ETSI Open Source MANO announces OSM Release ELEVEN

Sophia Antipolis, 7 December 2021

ETSI is pleased to announce OSM Release ELEVEN. Committed since its foundation to the alignment with ETSI standardization work, this release completes the adoption of two new ETSI NFV specifications, ETSI GS NFV-SOL004 and ETSI GS NFV-SOL007 for package formats. Standards adoption is part of the OSM vision to enable interoperability and a large and healthy NFV ecosystem. In addition, Release ELEVEN includes significant functional extensions in areas such as interoperability with public clouds, interaction with cloud-native environments and integration of network functions of different natures.

Read More...

ETSI 6^th MCX Plugtests event reports a success rate of 97.6%

Sophia Antipolis, 16 December 2021

ETSI is pleased to release the Report of its sixth MCX Plugtests event. Organized with the support of the European Commission, EFTA, TCCA and UIC, it was held in hybrid mode from 8 to 19 November 2021, with LTE assisted testing at University of Malaga, Spain. Vendors had the possibility to send equipment to the University of Malaga (UMA) for participating in end-to-end testing. They could use the LTE test network available on the premises and rely on the UMA experts onsite to run interoperability test sessions on the network without being present.

Read More...

Newly launched C-V2X service demonstrated at ETSI Plugtests event

Sophia Antipolis, 31 March 2022

Today at the 3^rd ETSI C‑V2X PLUGTESTS^TM interoperability event, held in partnership with 5GAA and hosted by DEKRA, Vodafone has demonstrated a new C-V2X platform designed to connect road users directly with transport authorities, enabling safety information, hazard warnings and traffic updates to be shared with users in real-time. Announced yesterday, the new C-V2X platform is based on ETSI TC ITS and 3GPP mobile communication standards. Vodafone plans to launch the platform within its own Vodafone Automotive apps later this year.

Read More...

ETSI C-V2X Plugtests event achieves a 93% interoperability success rate

Sophia Antipolis, 21 April 2022

The 3^rd ETSI C-V2X Plugtests^TM event, held in partnership with 5GAA and hosted by DEKRA from 28 March to 1^st April, achieved a success rate of 93% of the executed tests, showing an extremely positive level of multi-vendor interoperability. 226 test scenarios were executed in a laboratory and outdoor environment for interoperability, with 80 people from 25 companies participating in onsite and remote testing. All results are available in the newly released Report.

Read More...

Sophia Antipolis, 13 June 2022

The 2nd FRMCS Plugtests^TM event, organized remotely by ETSI with the support of the European Commission, EFTA, TCCA and UIC from 16 to 20 May 2022, has concluded with a success rate of 95% of the executed tests.

ETSI Plugtests events are essential to ensure seamless access to mission critical services across different vendors’ products and implementations. The MCX ETSI Plugtests series is the first independent testing of public safety and other mission critical LTE services. The MCX services are the basis for the Future Rail Mobile Communications System (FRMCS), and tests are based on the MCX (collectively for MCPTT, MCVideo and MCData services) framework.

Read More...

New ETSI White Paper and MEC Hackathon: another step to engage with app developers and verticals

Sophia Antipolis, 16 June 2022

The ETSI MEC (Multi-access Edge Computing) group is pleased to announce a new White Paper which aims to describe the deployment options related to MEC federation, especially from an architectural point of view. With a key focus on ETSI MEC implementations, it also aims to provide an open approach taking into account other standards and technologies, including those from 3GPP SA Working Group 6 and GSMA OPG. For this purpose, the White Paper first analyses the recent publications of GSMA OPG and recent updates in ETSI MEC and 3GPP specifications, then introduces the synergized architecture supported by both standards organizations, which indicates the background information for the deployment of MEC federation harmonized standards for edge computing.

Read More...

ETSI eSignature testing event helps industry to comply with EU regulation

Sophia Antipolis, 22 July 2022

With the eIDAS Regulation, European Union Member States have put in place the necessary technical means to process electronically signed documents that are required when using an online service offered by, or on behalf of, a public sector body. In order to ensure that the cross-border dimension works in practice, testing needs to be done to mutually check Member States’ signatures against their existing digital signature validation applications.

Read More...

Testing of trustworthy systems. Register now for the ETSI UCAAT event!

Sophia Antipolis, 25 July 2022

The well-established UCAAT event addresses the practical challenges of testing and test automation faced by industry today. UCAAT 2022 will be hosted by Siemens in Munich on 13-15 September. Registration is now open. Join us!

Read More...

ETSI flagship event Security Conference attracts nearly 200 attendees onsite

Sophia Antipolis, 7 October 2022

The sun was shining this week on one of ETSI’ s flagship events, the Security Conference, where the number of participants onsite reached nearly 200 attendees, from 27 countries.

Read More...

ETSI Event: How to teach the Next Generation of ICT Standards People

Sophia Antipolis, 12 October 2022

On 6 October, ETSI organized its first workshop dedicated to present the full teaching material for ICT standardization, available from our website. The ETSI education about standardization programme started in 2016. This event was addressed to educators at university level and professionals. The audience comprised national standards organizations, university professors and Intellectual Property experts.

Read More...

ETSI Mission Critical testing event reports a 96% success rate

Sophia Antipolis, 16 December 2022

The capabilities of Mission Critical Push-to-Talk (MCPTT), Mission Critical Data (MCData) and Mission Critical Video (MCVideo) – together abbreviated as MCX services – were tested during the seventh MCX Plugtests™ from 07 November to 11 November 2022 at the University of Malaga (UMA). The MCX ETSI Plugtests series is the first independent testing of public safety and other mission critical services over LTE and 5G networks.

Read More...

Sophia Antipolis, 2 February 2023

ETSI, the organization for globally applicable standards for information and communication technology (ICT), has adopted a new instrument, Software Development Groups (SDGs). This game-changing move will help ETSI adapt to the ever-evolving landscape of technology and standards development. Developing software to accompany standards will accelerate the standardization process, providing faster feedback loops and improving the quality of standards.

Read More...

Sophia Antipolis, 16 February 2023

The 9th face-to-face ETSI-IQC Quantum-Safe Cryptography event this week attracted a large audience of nearly 200 people from Europe, North America and Asia, bringing together industry, academia and government. The event was kicked off by ETSI Director-General Luis Jorge Romero, who gave an overview of the quantum-safe standardization journey since the first workshop in 2013 and reiterated ETSI’s continued support for this important global effort.

Read More...

Testing end-to-end service configuration of Millimetre Wave network devices in a Software Defined network using NETCONF

Sophia Antipolis, 8 March 2023

ETSI has organized the fourth millimetre Wave Transmission (mWT) Software Defined Networking (SDN) Plugtests™ event from 20 to 24 February 2023. The event took place at the ETSI headquarters, in Sophia Antipolis, France.

Read More...

Sophia Antipolis, 22 June 2023

ETSI has just released a new White Paper on “MEC Support for Edge Native Design” written by members of the ETSI Multi-access Edge Computing group (ISG MEC). This White Paper provides an overview and vision about the Edge Native approach, as a natural evolution of Cloud Native. 

Read More...

Sophia Antipolis, 3 July 2023

ETSI is starting today its 3rd FRMCS (Future Railway Mobile Communication System) Plugtests™ event. GSM-R is one of the main standards for railway telecommunication services. It is developed and maintained by the ETSI Technical Committee Railway Telecommunications. With the increased need for more throughput, higher capacity and flexible deployment options, FRMCS is being developed based on 3GPP Mission Critical Services.

Read More...

Sophia Antipolis, 25 July 2023

ETSI is proud to announce the establishment of its first Software Development Group, called OpenSlice. With this group, ETSI positions itself as a focal point for development and experimentation with network slicing.

Read More...

Sophia Antipolis, 1 September 2023

The Report of the 3rd interoperability Plugtests™ event for the Future Railway Mobile Communication System (FRMCS) is now available. All executed tests achieved an interoperability success rate of 86%.

Read More...

Sophia Antipolis, 16 October 2023

The ETSI’s 8^th MCX (mission-critical) Plugtests event concluded last week at the University of Malaga. The event received support from the European Union (EU), the Critical Communications Association (TCCA), the European Free Trade Association (EFTA), EUTC (European Utilities Telecom Council) and the International Union of Railways (UIC).

Read More...

Sophia Antipolis, 9 November 2023

ETSI is delighted to announce the establishment of a new Software Development Group, called OpenCAPIF. OpenCAPIF is developing an open-source Common API Framework, as defined by 3GPP, allowing for secure and consistent exposure and use of APIs.

Read More...

Sophia Antipolis, 22 November 2023

The Report of the eight MCX Plugtests™ event that took place from 9 October to 13 October 2023 at University of Malaga (UMA) is now available. The Report shows a success rate of 95% interoperability of the 3GPP mission critical services executed tests.  

Read More...

As the project celebrates the 25th anniversary of the signing of the 3GPP Project Agreement, the 3GPP Organizational Partners have today issued the following joint press release.

Sophia Antipolis, 4 December 2023

With its work on 3G, 4G and 5G specifications used by billions of communications services consumers globally, 3GPP stands ready to create the 6G future.

Read More...

Sophia Antipolis, 5 July 2024

ETSI is pleased to announce the successful conclusion of the FRMCS #4 Plugtests event, held at Sophia Antipolis, ETSI HQ, from July 1 – 5, 2024. This event brought together key stakeholders, including railway operators, telecom vendors, system integrators, and industry experts worldwide. ETSI organized the event with the support of the European Union, EFTA, TCCA-Critical Communications, and UIC— International Union of Railways.

Read More...

Sophia Antipolis, 8 October 2024

ETSI announces the completion of its Release 3 specifications on Fifth Generation Advanced Fixed Network (F5G-A). Building on the achievements of the Release 1 and Release 2, the ETSI ISG F5G has specified a series of new features and capabilities, further elevating fixed fiber networks to a new level:

• Specification of F5G Advanced
  ETSI ISG F5G unveiled the "F5G Advanced Generation Definition", which not only further enhances existing three foundational features of F5G-Enhanced Fixed Broadband (eFBB), Full Fiber Connectivity (FFC), and Guaranteed Reliable Experience (GRE), but also introduces three new key features: Real-time Resilient Link (RRL), Optical Sensing and Visualization (OSV), and Green Agile Optical network (GAO).

Read More...

Starts: Sat, 23 Nov 2024 16:30:00 -0500
11/23/2024 02:30:00PM
Location: Ottawa, Canada

Starts: Sat, 23 Nov 2024 18:30:00 -0500
11/23/2024 06:30:00PM
Location: Seoul, Korea (south)

Starts: Wed, 11 Dec 2024 19:00:00 -0500
12/11/2024 05:00:00PM
Location: Vancouver, Canada

As organizations create and store more data in the cloud, security teams must ensure the data is protected from cyberthreats. Learn more about what causes data breaches and about the best practices you can adopt to secure data stored in the cloud.

With the explosion of data being generated and stored in the cloud, hackers are creating new and innovative attack techniques to gain access to cloud environments and steal data. A review of recent major data breaches shows us that data thieves are using social engineering, hunting for exposed credentials, looking for unpatched vulnerabilities and misconfigurations and employing other sophisticated techniques to breach cloud environments.

A look at recent cloud data-breach trends

Here are some takeaways from major data breaches that have occurred this year:

• Managing the risk from your third-parties – partners, service providers, vendors – has always been critical. It’s even more so when these trusted organizations have access to your cloud environment and cloud data. You must make sure that your third-parties are using proper cloud-security protections to safeguard their access to your cloud data and to your cloud environment.
• Secure your identities. We’ve seen major data breaches this year tracked down to simple missteps like failing to protect highly-privileged admin accounts and services with multi-factor authentication (MFA). 
• Adopt best practices to prevent ransomware attacks, and to mitigate them if you get hit by one. Ransomware gangs know that a surefire way to pressure victims into paying ransoms is to hijack their systems and threaten to expose their sensitive data. 

So, how can you strengthen your data security posture against these types of attacks?

1. Implement a "zero trust" security framework that requires all users, whether inside or outside the organization, to be authenticated, authorized and continuously validated before being granted or maintaining access to data. This framework should allow only time-limited access and be based on the principle of least privilege, which limits access and usage to the minimum amount of data required to perform the job.
2. Use a cloud data security posture management (DSPM) solution to enforce the security framework through continuous monitoring, automation, prioritization and visibility. DSPM solutions can help organizations identify and prioritize data security risks based on their severity, allowing them to focus their resources on the most critical issues.
3. Regularly conduct risk assessments to detect and remediate security risks before they can be exploited by hackers. This can help prevent data breaches and minimize the impact of any security incidents that do occur.
4. Train employees on security best practices, including how to create strong passwords, how to identify risks and how to report suspicious activity.

By following these recommendations, organizations can significantly reduce their risk of a data breach and improve handling sensitive data belonging to their organization. As more and more data moves to the cloud and hackers become more sophisticated, it's essential to prioritize security and take proactive measures to protect against data risks. 

Learn more

• Webinar: Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?
• Data Sheet: Data Security Posture Management (DSPM) Integrated into Tenable Cloud Security
• Data Sheet: Securing AI Resources and Data in the Cloud with Tenable Cloud Security
• Infographic: When CNAPP Met DSPM
• Video: Demo Video: Data Security Posture Management and AI Security Posture Management

Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.

Dive into six things that are top of mind for the week ending Oct. 25.

1 - CSA: How to prevent “shadow AI” 

As organizations scale up their AI adoption, they must closely track their AI assets to secure them and mitigate their cyber risk. This includes monitoring the usage of unapproved AI tools by employees — an issue known as “shadow AI.”

So how do you identify, manage and prevent shadow AI? You may find useful ideas in the Cloud Security Alliance’s new “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper.

The white paper covers shadow AI topics including:

• Creating a comprehensive inventory of AI systems
• Conducting gap analyses to spot discrepancies between approved and actual AI usage
• Implementing ways to detect unauthorized AI wares
• Establishing effective access controls
• Deploying monitoring techniques

“By focusing on these key areas, organizations can significantly reduce the risks associated with shadow AI, ensuring that all AI systems align with organizational policies, security standards, and regulatory requirements,” the white paper reads.

For example, to create an inventory that offers the required visibility into AI assets, the document explains different elements each record should have, such as:

• The asset’s description
• Information about its AI models
• Information about its data sets and data sources
• Information about the tools used for its development and deployment
• Detailed documentation about its lifecycle, regulatory compliance, ethical considerations and adherence to industry standards
• Records of its access control mechanisms

Shadow AI is one of four topics covered in the publication, which also unpacks risk management; governance and compliance; and safety culture and training.

To get more details, read:

• The full “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper
• A complementary slide presentation
• The CSA blog “Shadow AI Prevention: Safeguarding Your Organization’s AI Landscape”

For more information about AI security issues, including shadow AI, check out these Tenable blogs:

• “Do You Think You Have No AI Exposures? Think Again”
• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood”
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach”
• “6 Best Practices for Implementing AI Securely and Ethically”
• “Compromising Microsoft's AI Healthcare Chatbot Service”

2 - Best practices for secure software updates

The security and reliability of software updates took center stage in July when an errant update caused massive and unprecedented tech outages globally.

To help prevent such episodes, U.S. and Australian cyber agencies have published “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers.”

“It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements,” reads the 12-page document.

Although the guide is aimed primarily at commercial software vendors, its recommendations can be useful for any organization with software development teams that deploy updates internally.

The guide outlines key steps for a secure software development process, including planning; development and testing; internal rollout; and controlled rollout. It also addresses errors and emergency protocols.

“A safe software deployment process should be integrated with the organization’s SDLC, quality program, risk tolerance, and understanding of the customer’s environment and operations,” reads the guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Australian Cyber Security Centre.

To get more details, read:

• The “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers” guide
• The CISA alert “CISA, US, and International Partners Release Joint Guidance to Assist Software Manufacturers with Safe Software Deployment Processes”

For more information about secure software updates:

• “Tenable’s Software Update Process Protects Customers’ Business Continuity with a Safe, Do-No-Harm Design” (Tenable)
• “The critical importance of robust release processes” (Cloud Native Computing Foundation)
• “Software Deployment Security: Risks and Best Practices” (DevOps.com)
• “Software Updates, A Double-Edged Sword for Cybersecurity Professionals” (Infosecurity)
• “DevOps Best Practices for Faster and More Reliable Software Delivery” (DevOps.com)

3 - Report: GenAI, attack variety, data security drive cyber strategies

What issues act as catalysts for organizations’ cybersecurity actions today? Hint: They’re fairly recent concerns. The promise and peril of generative AI ranks first. It’s closely followed by the ever growing variety of cyberattacks; and by the intensifying urgency to protect data.

That’s according to CompTIA’s “State of Cybersecurity 2025” report, based on a survey of almost 1,200 business and IT pros in North America and in parts of Europe and Asia. 

These three key factors, along with others like the scale of attacks, play a critical role in how organizations currently outline their cybersecurity game plans.

“Understanding these drivers is essential for organizations to develop proactive and adaptive cybersecurity strategies that address the evolving threat landscape and safeguard their digital assets,” reads a CompTIA blog about the report.

Organizations are eagerly trying to understand both how generative AI can help their cybersecurity programs and how this technology is being used by malicious actors to make cyberattacks harder to detect and prevent.

Meanwhile, concern about data protection has ballooned in the past couple of years. “As organizations become more data-driven, the need to protect sensitive information has never been more crucial,” reads the blog.

Not only are organizations focused on securing data at rest, in transit and in use, but they’re also creating foundational data-management practices, according to the report.

“The rise of AI has accelerated the need for robust data practices in order to properly train AI algorithms, and the demand for data science continues to be strong as businesses seek competitive differentiation,” the report reads.

To get more details, read:

• The report’s announcement “Cybersecurity success hinges on full organizational support, new CompTIA report asserts”
• CompTIA’s blogs “Today’s top drivers for cybersecurity strategy” and “Cybersecurity’s maturity: CompTIA’s State of Cybersecurity 2025 report”
• The full “State of Cybersecurity 2025” report

For more information about data security posture management (DSPM) and preventing AI-powered attacks, check out these Tenable resources:

• “Harden Your Cloud Security Posture by Protecting Your Cloud Data and AI Resources” (blog)
• “Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?” (on-demand webinar)
• “The Data-Factor: Why Integrating DSPM Is Key to Your CNAPP Strategy” (blog)
• “Mitigating AI-Related Security Risks” (on-demand webinar)
• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood” (blog)

4 - CISA lists software dev practices most harmful for security

Recommended best practices abound in the cybersecurity world. However, CISA and the FBI are taking the opposite tack in their quest to improve the security of software products: They just released a list of the worst security practices that software manufacturers ought to avoid.

Titled “Product Security Bad Practices,” the document groups the “no-nos” into three main categories: product properties; security features; and organizational processes and policies.

“It’s 2024, and basic, preventable software defects continue to enable crippling attacks against hospitals, schools, and other critical infrastructure. This has to stop,” CISA Director Jen Easterly said in a statement.

“These product security bad practices pose unacceptable risks in this day and age, and yet are all too common,” she added.

Here are some of the worst practices detailed in the document, which is part of CISA’s “Secure by Design” effort:

• Using programming languages considered “memory unsafe”
• Including user-provided input in SQL query strings
• Releasing a product with default passwords
• Releasing a product with known and exploited vulnerabilities
• Not using multi-factor authentication
• Failing to disclose vulnerabilities in a timely manner

Although the guidance is aimed primarily at software makers whose products are used by critical infrastructure organizations, the recommendations apply to all software manufacturers.

If you’re interested in sharing your feedback with CISA and the FBI, you can submit comments about the document until December 16, 2024 on the Federal Register.

To get more details, check out:

• CISA’s announcement “CISA and FBI Release Product Security Bad Practices for Public Comment”
• The full document “Product Security Bad Practices”

For more information about how to develop secure software:

• “Tenable Partners with CISA to Enhance Secure By Design Practices” (Tenable)
• “Ensuring Application Security from Design to Operation with DevSecOps” (DevOps.com)
• “What is application security?” (TechTarget)
• “Guidelines for Software Development (Australian Cyber Security Centre)

5 - New EU law focuses on cybersecurity of connected digital products

Makers of digital products — both software and hardware — that directly or indirectly connect to networks and to other devices will have to comply with specific cybersecurity safeguards in the European Union.

A newly adopted law known as the “Cyber Resilience Act” outlines cybersecurity requirements for the design, development, production and lifecycle maintenance of these types of products, including IoT wares such as connected cars.

For example, it specifies a number of “essential cybersecurity requirements” for these products, including that they:

• Aren’t shipped with known exploitable vulnerabilities
• Feature a “secure by default” configuration
• Can fix their vulnerabilities via automatic software updates
• Offer access protection via control mechanisms, such as authentication and identity management
• Protect the data they store, transmit and process using, for example, at-rest and in-transit encryption

“The new regulation aims to fill the gaps, clarify the links, and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components (...) are made secure throughout the supply chain and throughout their lifecycle,” reads a statement from the EU’s European Council.

The law will “enter into force” after its publication in the EU’s official journal and will apply and be enforceable 36 months later, so most likely in October 2027 or November 2027. However, some of its provisions will be enforceable a year prior.

For more information and analysis about the EU’s Cyber Resilience Act:

• “Cyber Resilience Act Requirements Standards Mapping” (ENISA)
• “The Cyber Resilience Act, an Accidental European Alien Torts Statute?” (Lawfare)
• “EU Cybersecurity Regulation Adopted, Impacts Connected Products” (National Law Review)
• “Open source foundations unite on common standards for EU’s Cyber Resilience Act” (TechCrunch)
• “The Cyber Resilience Act: A New Era for Mobile App Developers” (DevOps.com)

VIDEO

The EU Cyber Resilience Act: A New Era for Business Engagement in Open Source Software (Linux Foundation) 

6 - UK cyber agency: CISOs must communicate better with boards

CISOs and boards of directors are struggling to understand each other, and this is increasing their organizations’ cyber risk, new research from the U.K.’s cyber agency has found.

For example, in one alarming finding, 80% of respondents, which included board members, CISOs and other cyber leaders in medium and large enterprises, confessed to being unsure of who is ultimately accountable for cybersecurity in their organizations.

“We found that in many organisations, the CISO (or equivalent role) thought that the Board was accountable, whilst the Board thought it was the CISO,” reads a blog about the research titled “How to talk to board members about cyber.”

As a result, the U.K. National Cyber Security Centre (NCSC) has released new guidance aimed at helping CISOs better communicate with their organizations’ boards titled “Engaging with Boards to improve the management of cyber security risk.”

“Cyber security is a strategic issue, which means you must engage with Boards on their terms and in their language to ensure the cyber risk is understood, managed and mitigated,” the document reads.

Here’s a small sampling of the advice:

• Understand your audience, including who are the board’s members and their areas of expertise; and how the board works, such as its meeting formats and its committees.
• Talk about cybersecurity in terms of risks, and outline these risks concretely and precisely, presenting them in a matter-of-fact way.
• Don’t limit your communication with board members to formal board meetings. Look for opportunities to talk to them individually or in small groups outside of these board meetings.
• Elevate the discussions so that you link cybersecurity with your organization’s business challenges, goals and context.
• Aim to provide a holistic view, and avoid using technical jargon.
• Aim to advise instead of to educate.

SAINT JOHN, NB - In recognition of Financial Literacy Month’s theme “Money on your Mind?

"Humanity pushes back! The Survey Corps develops a risky gambit— have Eren in Titan form attempt to repair Wall Rose, reclaiming human territory from the monsters for the first time in a century. But Titan-Eren's self-control is far from perfect, and when he goes on a rampage, not even Armin can stop him! With the survival of humanity on his massive shoulders, will Eren be able to return to his senses, or will he lose himself forever?"-- Page [4] of cover.

"A deadly typhoon, a mysterious creature and a girl who won't quit. In 2020, a large creature rampages through Tokyo, destroying everything in its path. In 1959, Asa Asada, a spunky young girl from a huge family in Nagoya, is kidnapped for ransom— and not a soul notices. When a typhoon hits Nagoya, Asa and her kidnapper must work together to survive. But there's more to her kidnapper and this storm than meets the eye. When Asa's mother goes into labor yet again, Asa runs off to find a doctor. But no one bats an eye when she doesn't return— not even as a storm approaches Nagoya. Forgotten yet again, Asa runs into a burglar and tries to stop him on her own, a decision that leads to an unlikely alliance." -- Provided by publisher.

"Asa and Kasuga see the tail of a giant creature rise from the water. In a jungle, explorers discover massive claw marks in a tree trunk. And years later in 1964, a mysterious military man appears asking all the wrong questions." -- Provided by publisher.