Appsec adventures

The PKI Consortium will host its fourth Post-Quantum Cryptography (PQC) Conference from October 28 to 30, 2025 in Kuala Lumpur (and online) at the Connexion Conference & Event Centre. The event includes hands-on workshops, expert talks, panels, and breakout sessions, all focused on preparing for the transition to quantum-resistant cryptographic systems. Registration is free, though attendees are responsible for their own travel and lodging. Speakers will include leading figures in cryptography, PKI, and quantum security, and content is structured to balance strategy, technical depth, and education across the three days. https://pkic.org/events/2025/pqc-conference-kuala-lumpur-my/

Qinsight is a SaaS platform focused on giving organizations visibility into their cryptographic assets across TLS, SSH, certificates, and encryption protocols. It helps assess and score cryptographic risk, flag vulnerabilities (including quantum-vulnerable algorithms), and provides guidance for remediation. The platform is designed to aid compliance, prepare for post-quantum cryptographic transitions, and reduce blind spots in how encryption is used across enterprise systems. https://www.qinsight.com/

The report from Katilyst combines original survey data from 33 organizations with external benchmarks (like BSIMM15) to provide a real-world view of how security champion programs currently operate. It shows that most programs are under four years old, reveals how older programs expand their scope (from secure coding toward governance and threat modeling), and demonstrates a correlation between champion adoption and program maturity: top-tier firms tend to more fully integrate champion initiatives across departments. The report is intended as a benchmarking tool and a guide for scaling security culture effectively.  https://www.katilyst.com/state-of-security-champions-report-2025

The article highlights a pervasive talent shortage in cybersecurity, noting that 65 percent of organizations currently have open cybersecurity positions they cannot staff. It explores contributing factors such as skill mismatches, recruitment challenges, and structural barriers, and argues that addressing the gap will require changes in hiring practices, training pipelines, and industry expectations.  https://www.infosecurity-magazine.com/news/two-thirds-unfilled-cybersecurity/

The article from Defendermate describes how their team is launching a freely accessible, continuously updated list of npm packages affected by the Shai-Hulud incident. They explain that even though the initial spread of malicious code may have been contained, many security teams are still grappling with residual risks and hidden dependencies. Defendermate positions this curated resource as a way to aid organizations in assessing exposure, prioritizing remediation, and staying ahead of potential downstream impacts from the attack.  https://defendermate.com/whatsnew/shai-hulud