Greetings,
This is a good time of year for some reflection, and right now I'm deeply grateful to our customers and supporters. Building things well and building them right requires advocates and champions. In the industry at large, there's a strong ethic of doing things fast and fixing them later, which can work in some scenarios but be disastrous in others.
Without you, the move-fast-and-ignore-security crowd would go unchecked and we'd all be in trouble. Thank you to everyone out there bringing more secure software to your product and to the world.
This year reminds us why that prudent approach matters.
Bugs and resulting vulnerabilities are inevitable. Same with misconfigurations. Estimates vary on how much human error contributes to breaches, with IBM's Cost of a Data Breach Report putting it at 26% and Verizon's DBIR putting it at 60%. Either way, it's a lot.
In the last year alone, a handful of major Elasticsearch/OpenSearch breaches exposed over 10 billion records, all caused by human error. That inspired our latest blog: One Unchecked Box, One Billion Records: The Human Error Problem.
You can't stop mistakes, but you can build things right to guard against the harms when they inevitably occur.
In other news: I gave a presentation on application security and AI that dug in and demonstrated hacks against MCP servers, among other things. The talk debuted at LASCon, then ran at OWASP Global. And if you prefer reading to watching, we posted a full transcript of my viral DEF CON talk complete with slides and videos.
It's been a busy year here at IronCore and we have some new capabilities cooking that we can't wait to announce in the new year. In the meantime, may you all have a wonderful, healthy, happy, and restful holiday.