https://csrc.nist.gov/pubs/cswp/41/likely-exploited-vulnerabilities-a-proposed-metric/final попытка оценить скорость эксплуатации уязвимости после её публикации.
CSRC | NIST
Likely Exploited Vulnerabilities: A Proposed Metric for Vulnerability Exploitation Probability
This work presents a proposed security metric to determine the likelihood that a vulnerability has been observed to be exploited. Only a small fraction of the tens of thousands of software and hardware vulnerabilities that are published every year will be…
На Win 11 появится аналог sudo https://blogs.windows.com/windowsdeveloper/2025/05/19/enhance-your-application-security-with-administrator-protection/
Windows Developer Blog
Enhance your application security with administrator protection
Introduction Administrator protection is a new Windows 11 platform security feature that aims to protect the admin users on the device while still allowing them to perform the necessary functions which may require use of admin level permissi
И готовится поддержка постквантовых алгоритмов
https://techcommunity.microsoft.com/blog/microsoft-security-blog/post-quantum-cryptography-comes-to-windows-insiders-and-linux/4413803
https://techcommunity.microsoft.com/blog/microsoft-security-blog/post-quantum-cryptography-comes-to-windows-insiders-and-linux/4413803
TECHCOMMUNITY.MICROSOFT.COM
Post-Quantum Cryptography Comes to Windows Insiders and Linux | Microsoft Community Hub
Introduction
As the digital landscape continues to evolve, the emergence of quantum computing presents both significant opportunities and challenges....
As the digital landscape continues to evolve, the emergence of quantum computing presents both significant opportunities and challenges....
https://www.enisa.europa.eu/publications/handbook-for-cyber-stress-tests
Руководство для комплаенса требованиям ЕС NIS2.
Руководство для комплаенса требованиям ЕС NIS2.
www.enisa.europa.eu
Handbook for Cyber Stress Tests | ENISA
ENISA is the EU agency dedicated to enhancing cybersecurity in Europe. They offer guidance, tools, and resources to safeguard citizens and businesses from cyber threats.
https://www.tiobe.com/tiobe-index/ Неявная подсказка от TIOBE на ssdlc каких языков стоит специализироваться.
1 схема от pci dss по процессу vm.https://blog.pcisecuritystandards.org/new-infographic-pci-dss-vulnerability-mangement-processes
blog.pcisecuritystandards.org
New Infographic: PCI DSS Vulnerability Management Processes
A new infographic and related FAQ have just been published to address stakeholder requests for guidance and clarity around 1) identifying and risk-ranking vulnerabilities, and 2) resolving or addressing vulnerabilities in PCI Data Security Standard (PCI DSS)…
👍3
Мажорный релиз требований для устройств взаимодействующих с картами (пос терминалы, пин пады банкоматов/киосков и т.д.).
https://blog.pcisecuritystandards.org/just-published-pts-poi-v7-0
Some of these changes, designed to address industry needs, include:
Added a new requirement for the physical/logical security of biometric interfaces.
Added a new requirement to allow the use of third-party applications (e.g., app stores).
Added consideration for secret or private keys that are not zeroized in the event of tamper if forward secrecy is used, and extraction of these keys requires the destruction of the processing element using the key.
Specified that terminal security keys, such as firmware authentication, tamper/storage keys, etc., must use cryptography that implements an effective key strength of 128 bits or stronger.
The addition of an option to provide a PIN-entry feature designed for accessibility which may be made available on a per-transaction basis.
https://blog.pcisecuritystandards.org/just-published-pts-poi-v7-0
Some of these changes, designed to address industry needs, include:
Added a new requirement for the physical/logical security of biometric interfaces.
Added a new requirement to allow the use of third-party applications (e.g., app stores).
Added consideration for secret or private keys that are not zeroized in the event of tamper if forward secrecy is used, and extraction of these keys requires the destruction of the processing element using the key.
Specified that terminal security keys, such as firmware authentication, tamper/storage keys, etc., must use cryptography that implements an effective key strength of 128 bits or stronger.
The addition of an option to provide a PIN-entry feature designed for accessibility which may be made available on a per-transaction basis.
blog.pcisecuritystandards.org
Just Published: PTS POI v7.0
PCI SSC has published a major revision to PCI PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular Security Requirements from version 6.2 to version 7.0. PCI PTS POI v7.0 includes 59 requirement changes and 23 pieces of additional guidance.
Лучшие менеджерские поактики по безопасности ИИ от регуляторов США, Великобритании и Австралии.
Предварительный анализ говорит скорее в пользу этого документа, чем Governance checklist OWASP.
https://media.defense.gov/2025/May/22/2003720601/-1/-1/0/CSI_AI_DATA_SECURITY.PDF
Предварительный анализ говорит скорее в пользу этого документа, чем Governance checklist OWASP.
https://media.defense.gov/2025/May/22/2003720601/-1/-1/0/CSI_AI_DATA_SECURITY.PDF
Рекомендации скорее в целом про оценку влияния ИИ на людей и организации. Есть пара отсылок на ИБ.