May 30, 2022
Real World Crypto 2022 recently concluded after a successful hybrid event in Amsterdam. With so much emphasis landing on post-quantum cryptography so far in 2022, one talk really had our attention: “Where Is the Research on Cryptographic Transition and Agility” presented by David Ott.It’s a fair point.
Read Article ->May 23, 2022
On May 4th, President Biden signed a new executive order focused on post quantum cryptography, his second featuring this subject in 2022, and we’ve still 8 months of the year to go.
Read Article ->February 3, 2022
Many of the largest recent security breaches are the result of supply-chain security issues: applications are exploited because they incorporate third-party code that contains vulnerabilities, either by mistake, or by malicious action.These attacks have led the industry to take an end-to-end look at the way we built modern software, and issue guides to securing that process. For example, the Cloud Native Computing Foundation and NIST have both released standards or drafts.
Read Article ->March 22, 2019
A first step of many cryptography projects - preparation for Cloud migration, crypto agility, or improving application security, is to map out the cryptography actually in use in an application. A naive approach would be to just review the source code and search for cryptographic calls. However, this is both time-consuming and error-prone...
Read Article ->January 21, 2019
A recent NIST paper recommending which steps to take to prepare for the advent of quantum computers proposes that users of cryptography look to achieve 'crypto agility' as soon as possible. The idea was further expanded by Gartner in a recent research note, and now crops up regularly. It's sometimes described as 'crypto-agnosticism', but what does it mean, and how does one achieve it?
Read Article ->