Google is strengthening security requirements for 3rd-party apps using the Gmail API, revoking access to the Gmail API on February 22nd, 2019. To continue using the Gmail API, apps have to pass a permitted use review and a cyber-security assessment. Continue reading "Google to revoke GMail access from non-secured apps starting Feb 2019"
Security flaws in custom web and mobile applications bypass technical safeguards prescribed by GDPR. The absence of GDPR clauses speaking specifically about software security leaves companies vulnerable to the 2nd level of GDPR fines: up to EUR 10,000,000 or 2% of global turnover, whichever is greater. Continue reading "Software security: your biggest GDPR oversight"
It’s been highly publicized during the past 2 weeks that British Airways spilled the payment info of 380,000 customers, including CVV2 codes, to hackers via their web and mobile apps. Like most companies disclosing a breach, they called it a “very sophisticated” hack, and surely not a result of poor software development practices. Continue reading "British Airways may have jeopardized your payment card data"
Recently learning here at SoftSeq from a client how much money they spent in 6 months on a well-known crowdsourced bug-hunting platform, compared to what an end-to-end security audit would cost, forced us to share our thoughts. This is our first blog post, anywhere, ever. Continue reading "How to stop wasting security budget on bug-bounties"