MIT Technology Review: Crowdsourcing the hunt for software bugs is a booming business—and a risky one

MIT Technology Review: Crowdsourcing the hunt for software bugs is a booming business—and a risky one. “This cybersecurity gig economy has expanded to hundreds of thousands of hackers, many of whom have had some experience in the IT security industry. Some still have jobs and hunt bugs in their spare time, while others make a living from freelancing. They are playing an essential role in helping to make code more secure at a time when attacks are rapidly increasing and the cost of maintaining dedicated internal security teams is skyrocketing .”

CNET: White House reportedly eliminates top cybersecurity role

CNET: White House reportedly eliminates top cybersecurity role. “Politico, The Hill and CNN report that the Trump adminstration has eliminated the White House position of cybersecurity coordinator, a role President Obama first established in 2009, at a time when hacks and cybersecurity threats weren’t as commonplace as they are today.” This is a terrible idea, and I’d be saying that even if we had President Fred Rogers.

Politico: Bolton pushing to eliminate White House cyber job

Politico: Bolton pushing to eliminate White House cyber job. “President Donald Trump’s national security team is weighing the elimination of the top White House cybersecurity job, multiple sources told POLITICO — a move that would come as the nation faces growing digital threats from adversaries such as Russia and Iran. John Bolton, Trump’s hawkish new national security adviser, is leading the push to abolish the role of special assistant to the president and cybersecurity coordinator, currently held by the departing Rob Joyce, according to one current and two former U.S. officials with direct knowledge of the discussions.”

Boing Boing: Georgia criminalizes routine security research

Boing Boing: Georgia criminalizes routine security research. “Georgia is a hub for cybersecurity research, with leading university computer science and security programs and a new $35m state cybersecurity research center underway; but the Georgia state legislature just passed SB315, the most onerous prohibition on computer security research ever passed in the USA.”

TechCrunch: New York City is launching public cybersecurity tools to keep residents from getting hacked

TechCrunch: New York City is launching public cybersecurity tools to keep residents from getting hacked . “In a week of harrowing city-level cyber attacks, New York is taking some precautions. While the timing is coincidental, New York City Mayor Bill de Blasio just announced that the city will introduce the first tools in its suite of cybersecurity offerings to protect residents against malicious online activity, particularly on mobile devices.”

POGO: A New Tool for Looking at Federal Cybersecurity Spending

POGO: A New Tool for Looking at Federal Cybersecurity Spending. “…a new tool from nonpartisan watchdog group Taxpayers for Common Sense provides perhaps the most comprehensive analysis of federal cybersecurity spending. Last week, Taxpayers released a new database and visualization tool that breaks down unclassified federal spending on cybersecurity over the past decade—giving the public a peek at how each major federal agency is devoting resources toward protecting computer systems.”

National Institute of Standards and Technology Releases Draft of Cybersecurity Assessment Tool for Enterprises

The National Institute of Standards and Technology (NIST) has released the first draft of a cybersecurity self-assessment tool for enterprises. “The builder tool is intended to help organizations ensure that their cybersecurity systems and processes support the enterprises’ larger organizational activities and functions. ‘These decisions around cybersecurity are going to impact your organization and what it does and how it does it,’ says Robert Fangmeyer, director of the Baldrige Performance Excellence Program. ‘If your cybersecurity operations and approaches aren’t integrated into your larger strategy, aren’t integrated into your workforce development efforts, aren’t integrated into the results of the things you track for your organization and overall performance, then they’re not likely to be effective.'”