Christian, apart from your project operations, your team of analysts looks into potential security vulnerabilities. Why do you do that?
We can only protect businesses against hackers and criminals effectively if we always keep our skills and knowledge up to date. That’s why security research is just as important for our work as building up a security community to promote the exchange of knowledge.
Does that mean that you share your findings with other security researchers?
Yes, definitely. More security can only be achieved if lots of people take on the task together. We also help security analysts at other companies to identify vulnerabilities and remediate security risks – always in line with our responsible disclosure policies, of course.
What role does the usd HeroLab play in that context?
The usd HeroLab and our usd Akademie are essential parts of our security mission. We use the HeroLab as a training platform ourselves, but we also make it available to companies, research institutes and universities. We run training courses and publish papers to share the knowledge we gain in our practical work and through our research.
What kinds of publications can we expect from you?
The usd HeroLab is going to publish a series of papers on new security vulnerabilities and current security issues. The first paper has already been published. Ralf Almon, one of our senior security consultants and a forensics specialist, has shared his insights into a very interesting issue:
“How a Vulnerable Picture Upload Can Be Exploited Using Manipulated Picture Files”
Outsourcing applications and data to the cloud brings significant benefits for companies, but at the same time also new challenges for the corresponding IT departments. The technologies and processes of a cloud environment differ from those of local data centers....