Insight No. 1 — Security vendor alert
Regarding the open letter that hit a nerve at RSAC this year by calling out a lack of reliability, accountability and transparency on the part of some security vendors, consider this: a security vendor that profits from selling you back the very data you need to detect and respond to threats is not a partner; it is a potential obstacle. True security collaboration requires transparent and unfettered access to your own logs. A vendor that charges you for the information you need to fight threats is more of a roadblock than a helper.
Insight No. 2 — App Security belongs with the CISO
Let's be clear: If Application Security is perceived as moving away from the CISO, it signals a fundamental misunderstanding of modern risk. The threats inherent in today's applications are business threats, not merely technical ones. Any organizational structure that dilutes CISO oversight of this domain is likely to face significant and avoidable operational vulnerabilities in the long run.
Insight No. 3 — Another vuln database? Not helpful
Another vulnerability database? So what. The existence of the EU's new repository, alongside the NVD and CNNVD, isn't a game-changer in itself. It's merely an additional data point in the already noisy landscape of publicly disclosed vulnerabilities. The real challenge remains: prioritizing and acting on this intelligence effectively.