In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.

Methods and systems for creating a verifiable digital identity are provided. The method includes obtaining a first user-generated item comprising an identifiable feature. The method also includes digitally signing the first user-generated item to generate a secure digital artifact. The method also includes uploading the secure digital artifact and the first user-generated item to an auditable chain of a public ledger. The method also includes verifying a digital identity of the user by auditing the auditable chain. The method also includes obtaining a second user-generated item generated comprising the identifiable feature. The method also includes comparing the first and second user-generated items. The method also includes uploading the second user-generated item to the public ledger when the comparing is within a threshold.

An open source library rating is generated for an open source library based on dependencies of the library, vulnerabilities of the library, an age of the library, a popularity of the library, a history of the library, or any suitable combination thereof. The rating of a specific version of a library may be generated based on a base score for all versions of the library and a version score for the specific version of the library. An authorization system receives a request from a developer to add a library to a software application. In response, the authorization system accesses a rating for the library. Based on the rating, the authorization system approves the request, denies the request, or recommends an alternative library.

Disclosed examples include accessing a search term from a client device; accessing a first identifier, the first identifier corresponding to a first database proprietor, the first identifier to access first user information corresponding to a user of the client device; accessing a second identifier, the second identifier corresponding to a second database proprietor, the second identifier to access second user information corresponding to the user of the client device; providing the search term, the first identifier, and the second identifier in a message; and transmitting the message to a server.

Systems and methods are disclosed for event-based application control. A system extension is configured to leverage an endpoint security API for monitoring event activity within operating system kernel processes. The system extension registers with the endpoint security API particular event types for which the system extension would like to receive notifications. In response to receiving notifications regarding detected events corresponding to the registered event types, the system extension determines if the event, and its corresponding process, are safe and allowable to execute. In various embodiments, the system leverages whitelists, blacklists, and rules policies for making a safeness determination regarding the event notification. The system extension transmits this determination to the operating system via the endpoint security API.

The present disclosure provides techniques for calculating an entity's cybersecurity risk based on identified relationships between the entity and one or more vendors. Customer/vendor relationships may impact the cybersecurity risk for each of the parties involved because a security compromise of a downstream or upstream provider can lead to a compromise of multiple other companies. For example, if organization A uses B (e.g., a cloud service provider) to store files, and B is compromised, this may lead to organization A being compromised (e.g., the files organization A stored using B may have been compromised by the breach of B's cybersecurity). Embodiments of the present disclosure further provide a technique for calculating a cybersecurity risk score for an organization based on identified customer/vendor relationships.

Systems, methods, and interfaces for the management of virtual machine instances and other programmatically controlled networks are provided. The hosted virtual networks are configured in a manner such that a virtual machine manager of the virtual network may monitor activity such as user requests, network traffic, and the status and execution of various virtual machine instances to determine possible security assessments. Aspects of the virtual network may be assessed for vulnerabilities at varying levels of granularity and sophistication when a suspicious event or triggering activity is detected. Illustrative embodiments of the systems and methods may be implemented on a virtual network overlaid on one or more intermediate physical networks that are used as a substrate network.

Provided is a more versatile technique that makes it possible to input dummy information in response to an attacker seeking to collect normal information that cannot be replaced with dummy information. In the present invention, a dummy information insertion device inserts dummy information into a second location that is determined using: first location information indicating a first location that contains normal information, from among all normal information in a computer, which cannot be replaced with other information; and insertion condition information that indicates conditions for determining the second location into which dummy information is to be inserted, with such dummy information resembling the normal information that cannot be replaced and not being present in the computer or in a local network connected to the computer.

At least some aspects of the present disclosure feature systems and methods for obfuscating data. The method includes the steps of receiving an input data stream including a sequence of n-grams, mapping at least some of the sequence of n-grams to corresponding dictionary terms using a dictionary, and disposing the corresponding tokens to an output data stream.

In a fraud-detection method for use in an in-vehicle network system including a plurality of electronic control units (ECUs) that exchange messages on a plurality of networks, a plurality of fraud-detection ECUs each connected to a different one of the networks, and a gateway device, a fraud-detection ECU determines whether a message transmitted on a network connected to the fraud-detection ECU is malicious by using rule information stored in a memory. The gateway device receives updated rule information transmitted to a first network among the networks, selects a second network different from the first network, and transfers the updated rule information only to the second network. A fraud-detection ECU connected to the second network acquires the updated rule information and updates the rule information stored therein by using the updated rule information.