Chris Wysopal is CTO at Veracode, the application security specialist. He’s put together a list of five application security predictions he thinks CIOs will face next year. 1. Sandboxing goes mainstream with adoption by Firefox and Internet Explorer Sandboxing can prevent the exploitation of coding errors by preventing code running inside the sandbox from interacting with the operating system. Software companies with apps that are designed to render data and interpret script code downloaded from the Internetstart to adopt sandboxing. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe 2. Microsoft follows Google and Mozilla and starts paying a bug bounty Following Googleand Mozilla, more companies will offer to pay researchers for reporting bugs to them. Microsoft, which stated years ago that they wouldn’t ever pay for bugs, caves to industry pressure as they are hit with more uncoordinated disclosures than their peers. 3. A mobile app causes a major enterprise security breach Rapid growth of mobile apps continues on enterprise-connected mobile devices. Inevitably, attackers leverage this juicy new attack vector to penetrate corporate perimeters and gain access to sensitive data. It also turns out that the malicious application that enabled the attack was downloaded through a well-known and trusted app store. 4. Government and corporations stock up on anti-leak security products to defend against insider attacks, but high profile leaks continue The insider threat problem is so huge that a single security product category such as DLP coupled with new policies on removable media fails to make a dent on leaks. The comprehensive security programs focused on internal applications and internal networks take years to implement. New organisations copy the Wikileaks model to give more outlets for leaked information. 5. A critical infrastructure facility in the US suffers a damaging incident resulting from a Stuxnet-like stealthy targeted worm Stuxnetdemonstrated a sophisticated, aggressive attack capability that can be replicated. Removable media is once again used to bridge an air gap and a zero-day vulnerability in a SCADA system is used to cause physical damage. Related content feature Mastercard preps for the post-quantum cybersecurity threat A cryptographically relevant quantum computer will put everyday online transactions at risk. Mastercard is preparing for such an eventuality — today. By Poornima Apte Sep 22, 2023 6 mins CIO 100 CIO 100 CIO 100 feature 9 famous analytics and AI disasters Insights from data and machine learning algorithms can be invaluable, but mistakes can cost you reputation, revenue, or even lives. These high-profile analytics and AI blunders illustrate what can go wrong. By Thor Olavsrud Sep 22, 2023 13 mins Technology Industry Generative AI Machine Learning feature Top 15 data management platforms available today Data management platforms (DMPs) help organizations collect and manage data from a wide array of sources — and are becoming increasingly important for customer-centric sales and marketing campaigns. By Peter Wayner Sep 22, 2023 10 mins Marketing Software Data Management opinion Four questions for a casino InfoSec director By Beth Kormanik Sep 21, 2023 3 mins Media and Entertainment Industry Events Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe