<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Policy on Jorge Laurel</title><link>https://jorgelaurel.com/topics/policy/</link><description>Recent content in Policy on Jorge Laurel</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Fri, 26 Jun 2026 16:46:24 +0000</lastBuildDate><atom:link href="https://jorgelaurel.com/topics/policy/index.xml" rel="self" type="application/rss+xml"/><item><title>Vulnerability Exploitation Is Moving Faster. What the 2026 Time-to-Exploit Data Shows</title><link>https://jorgelaurel.com/writing/vulnerability-exploitation-is-moving-faster-what-the-2026-time-to-exploit-data-s/</link><pubDate>Fri, 26 Jun 2026 16:46:24 +0000</pubDate><guid>https://jorgelaurel.com/writing/vulnerability-exploitation-is-moving-faster-what-the-2026-time-to-exploit-data-s/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/9ff786bcd88babc4.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;Average time from vulnerability disclosure to working exploit has dropped from roughly 125 days in early 2025 to under a day by April 2026, across an analysis of approximately 69,000 CVEs. Some vulnerabilities are now exploited before patch advisories are published. The assumptions most patch management processes were built on may no longer hold.&lt;/p&gt;
&lt;p&gt;For most of the last two decades, vulnerability management rested on a quiet assumption: between the moment a flaw became public and the moment an attacker could use it at scale, defenders had a usable buffer. Days, often weeks. Enough time to test, stage, and deploy a patch or patches. A lot of process was built on top of that buffer.&lt;/p&gt;</description></item><item><title>Strengthening Cybersecurity: The Power of Public/Private Partnerships</title><link>https://jorgelaurel.com/writing/strengthening-cybersecurity-the-power-of-public-private-partnerships/</link><pubDate>Sat, 03 May 2025 14:52:39 +0000</pubDate><guid>https://jorgelaurel.com/writing/strengthening-cybersecurity-the-power-of-public-private-partnerships/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/fc4b6f19f20d1361.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;Cybersecurity threats don&amp;rsquo;t respect boundaries—so why should our solutions?&lt;/p&gt;
&lt;p&gt;When protecting critical infrastructure—such as power grids, transportation networks, healthcare systems, water supplies, and financial institutions—no single organization can tackle the challenge alone. This makes public-private partnerships not just beneficial, but absolutely essential for safeguarding our societies.&lt;/p&gt;
&lt;h3 id="why-are-partnerships-necessary"&gt;&lt;strong&gt;Why Are Partnerships Necessary?&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;Government agencies bring authority, resources, and oversight to set regulations, establish security standards, and coordinate broad responses. However, it&amp;rsquo;s the government and agencies and departments often face bureaucratic delays that slow implementation. Meanwhile, private companies can be more agile and innovative, quickly adopting advanced technologies. But without the legal authority or network reach of public entities, their efforts can struggle to scale up nationwide or across borders.&lt;/p&gt;</description></item><item><title>Did you really read the Terms of Service before installing that app?</title><link>https://jorgelaurel.com/writing/did-you-really-read-the-terms-of-service-before-installing-that-app/</link><pubDate>Thu, 01 Aug 2024 14:00:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/did-you-really-read-the-terms-of-service-before-installing-that-app/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/5b88bda33352ddfa.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;In the digital age, social media apps have become an integral part of daily life, offering connectivity, entertainment, and a platform for self-expression. However, the convenience of these apps comes with significant cybersecurity risks. While &lt;strong&gt;ALL&lt;/strong&gt; social media platforms, or any app that you install, pose some level of risk, these dangers are heightened when the company that created the app is based in a country that can compel it to hand over user data.&lt;/p&gt;</description></item><item><title>Defense Industrial Base Cybersecurity Strategy for 2024-2027: An Overview</title><link>https://jorgelaurel.com/writing/defense-industrial-base-cybersecurity-strategy-for-2024-2027-an-overview/</link><pubDate>Sun, 31 Mar 2024 20:57:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/defense-industrial-base-cybersecurity-strategy-for-2024-2027-an-overview/</guid><description>&lt;p&gt;The Department of Defense (DoD) has unveiled its ambitious &lt;a href="https://media.defense.gov/2024/Mar/28/2003424523/-1/-1/1/DOD_DOB_CS_STRATEGY_DSD_SIGNED_20240325.PDF"&gt;Defense Industrial Base (DIB) Cybersecurity Strategy for Fiscal Years 2024-2027&lt;/a&gt;. This forward-looking strategy lays out a detailed roadmap to strengthen cybersecurity and cyber resiliency within the DIB, aligning closely with overarching national defense and cybersecurity strategies. At the heart of this strategy is a multilayered approach to enhancing governance structures, boosting cybersecurity postures, ensuring the preservation of critical capabilities in cyber-contested environments, and fostering improved collaboration across the DIB.&lt;/p&gt;</description></item><item><title>Beyond the Perimeter: Advancing Zero Trust Maturity with Network and Environment Strategies</title><link>https://jorgelaurel.com/writing/beyond-the-perimeter-advancing-zero-trust-maturity-with-network-and-environment-/</link><pubDate>Sun, 10 Mar 2024 15:00:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/beyond-the-perimeter-advancing-zero-trust-maturity-with-network-and-environment-/</guid><description>&lt;p&gt;On 5 March 2024, the National Security Agency (NSA) issued a Cybersecurity Information Sheet (CSI) titled “&lt;a href="https://media.defense.gov/2024/Mar/05/2003405462/-1/-1/0/CSI-ZERO-TRUST-NETWORK-ENVIRONMENT-PILLAR.PDF"&gt;&lt;em&gt;Advancing Zero Trust Maturity Throughout the Network and Environment Pillar&lt;/em&gt;&lt;/a&gt;” aimed at enhancing network defenses by restricting adversaries&amp;rsquo; lateral movements. It emphasizes the necessity of adopting a Zero Trust framework, which includes rigorous internal network controls and segmentation to prevent unauthorized access to critical data and systems.&lt;/p&gt;
&lt;p&gt;NSA Cybersecurity Director Rob Joyce highlighted the importance of recognizing internal threats and actively countering potential breaches by stating “Organizations need to operate with a mindset that threats exist within the boundaries of their systems. This guidance is intended to arm network owners and operators with the processes they need to vigilantly resist, detect, and respond to threats that exploit weaknesses or gaps in their enterprise architecture.”&lt;/p&gt;</description></item><item><title>Small Targets, Big Impact: Why Securing SMBs is Critical for National Security</title><link>https://jorgelaurel.com/writing/small-targets-big-impact-why-securing-smbs-is-critical-for-national-security/</link><pubDate>Sun, 18 Feb 2024 15:00:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/small-targets-big-impact-why-securing-smbs-is-critical-for-national-security/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/9bd5438aea9de1a0.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;As digital transformation reshapes the economy, safeguarding critical infrastructure has become vital. Critical infrastructure refers to systems essential for societal and economic operations, now frequently targeted by cyber threats. Adversaries recognize the strategic value of critical infrastructure and exploit vulnerabilities to disrupt services, steal sensitive data, or cause chaos.&lt;/p&gt;
&lt;p&gt;Despite their size, the role of small to medium-sized businesses (SMBs) in protecting this infrastructure is often underestimated yet it is critical in the broader strategy to defend against these threats. SMBs are key players in this defense against state actors, cybercriminals, and activists. Recognizing and enhancing SMBs&amp;rsquo; role is fundamental to a comprehensive defense of our interconnected digital landscape.&lt;/p&gt;</description></item><item><title>Fortifying Critical Infrastructure: The Open-Source Software Security Imperative</title><link>https://jorgelaurel.com/writing/fortifying-critical-infrastructure-the-open-source-software-security-imperative/</link><pubDate>Sun, 04 Feb 2024 15:00:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/fortifying-critical-infrastructure-the-open-source-software-security-imperative/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/df6bc4cf441edb38.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;In our digital age, securing critical infrastructure must be THE key focus, given its foundational role in national security, economic stability, and public safety. For the past several months my team and I have been involved with the Open-Source Software Security Initiative (OS3I). The OS3I convenes Federal agencies and considers input from the open-source software community, civil society, and private sector stakeholders across the open-source software landscape to deliver policy solutions to secure and defend the open-source software ecosystem. This initiative underscores a collaborative effort to fortify the backbone of our society against escalating cyber threats, leveraging the collective expertise and innovation inherent in the open-source community to ensure a resilient and secure infrastructure for the future.&lt;/p&gt;</description></item></channel></rss>