Industry Insights
Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Why We Created the Global Security Database
The Global Security Database is a modern approach to a modern problem. CVE is an old approach to an old problem, one that still exists (legacy code bases), but has been superseded by new and much more complicated IT systems. Stage 1: We can improve CVE from within. In the beginning (1999) there was ...
What is a Vulnerability?
A philosophical but practical exploration of technical vulnerabilities. Let’s check Merriam-Webster: “open to attack or damage.” This doesn’t feel complete. What’s missing? Let’s check Wikipedia: In computer security, a vulnerability is a weakness which can be exploited by a threat actor, such as an atta...
How we ended up with #log4shell aka CVE-2021-44228
Quick note: from now on I will refer to log4j version 2 as “log4j2”. To learn how to deal with the critical vulnerability in log4j2, read the first blog in this series, Dealing with log4shell. To get a breakdown of the timeline of events, refer to the second blog, Keeping up with log4shell. So how...
Keeping up with log4shell aka CVE-2021-44228 aka the log4j version 2
Quick note: from now on I will refer to log4j version 2 as “log4j2”. If you use Java within your products or services and haven’t yet patched them, please see “Dealing with log4shell aka CVE-2021-44228 aka the log4j version 2”. Trick question: Who helped coordinate the global response on CVE-2021-442...
Got Vulnerability? Cloud Security Alliance Wants to Identify It
I wanted to take some time to tell you about a new CSA working group in formation that I am taking a personal interest in. I am sure you have all heard the expression, “when you have a hammer, all problems look like nails.” This is very relatable to our industry, as we have to be careful that we ...