Christian, apart from your project operations, your team of analysts looks into potential security vulnerabilities. Why do you do that?
We can only protect businesses against hackers and criminals effectively if we always keep our skills and knowledge up to date. That’s why security research is just as important for our work as building up a security community to promote the exchange of knowledge.
Does that mean that you share your findings with other security researchers?
Yes, definitely. More security can only be achieved if lots of people take on the task together. We also help security analysts at other companies to identify vulnerabilities and remediate security risks – always in line with our responsible disclosure policies, of course.
What role does the usd HeroLab play in that context?
The usd HeroLab and our usd Akademie are essential parts of our security mission. We use the HeroLab as a training platform ourselves, but we also make it available to companies, research institutes and universities. We run training courses and publish papers to share the knowledge we gain in our practical work and through our research.
What kinds of publications can we expect from you?
The usd HeroLab is going to publish a series of papers on new security vulnerabilities and current security issues. The first paper has already been published. Ralf Almon, one of our senior security consultants and a forensics specialist, has shared his insights into a very interesting issue:
“How a Vulnerable Picture Upload Can Be Exploited Using Manipulated Picture Files”
Information Security in Third-Party Risk Management: How to Set Up a TPRM Program
Companies often work with a large number of service providers in order to be able to concentrate on their core business or save costs. For this to succeed, companies must grant their service providers access (digital and analog) to their company assets. This opening...
