For some time now, public companies in the United States have been on notice that the Securities and Exchange Commission (SEC) is tightening down on the reporting of security incidents. Now that the compliance deadlines are here, it seems a bit more real. As a complement to my recent webinar "SEC Cybersecurity Ruling: Application security + incident response" this piece serves as a recap and a checklist on what businesses – both public and private – need to be focusing on now that the SEC disclosure rules are here.

Google update their Minimum Viable Secure Product

Back in 2021, Google launched, alongside other organisations, a new security baseline for products known as the Minimum Viable Secure Product. Now, 2 years later, they've released an update to that standard.

The Security Headers grading criteria is something that doesn't change often, but when it does, there's a good reason behind the change. In this blog, I will outline the new grading criteria and the reasons why we've made the change.

In the world of cyber security, knowledge is power, and Security Headers has been a trusted ally for web developers around the world for years. For the first time ever, thanks to the support of our partnership with Probely, we’re going to delve into the treasure trove of historic scan data and explore the insights it can provide.