{"id":183712,"date":"2026-02-02T06:02:00","date_gmt":"2026-02-02T11:02:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/02\/we-moved-fast-and-broke-things-its-time-for-a-change\/"},"modified":"2026-02-02T06:20:08","modified_gmt":"2026-02-02T11:20:08","slug":"we-moved-fast-and-broke-things-its-time-for-a-change","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/02\/we-moved-fast-and-broke-things-its-time-for-a-change\/","title":{"rendered":"We moved fast and broke things. It\u2019s time for a change."},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/move-fast-break-things-cybersecurity-supply-chain-security-op-ed\/\">We moved fast and broke things. It\u2019s time for a change.<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/move-fast-break-things-cybersecurity-supply-chain-security-op-ed\/\">https:\/\/cyberscoop.com\/move-fast-break-things-cybersecurity-supply-chain-security-op-ed\/<\/a><\/p>\n<p>Publish Date: 2026-02-02 06:02:00<\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>The phrase \u201cMove fast and break things\u201d is a guiding philosophy in the technology industry. The phrase was coined by Meta CEO and founder Mark Zuckerberg more than two decades ago: an operational directive for Facebook developers to prioritize speed and innovation even at the cost of stability. \u201cUnless you are breaking stuff,\u201d Zuckerberg told Business Insider in a 2009 interview, \u201cyou are not moving fast enough.\u201d\u00a0<\/p>\n<p>But Zuckerberg\u2019s call was heard well beyond Facebook\u2019s offices. 
The tech industry has embraced the philosophy for close to two decades, with benefits that are visible all around us: from TikTok influencers to contactless mobile payments, self-driving taxis, and AI-powered glasses.\u00a0<\/p>\n<p>Practically, however, the culture of \u201cmove fast and break things\u201d produced firms that prioritize fast release cycles and feature development over software security and resilience. They move fast and make broken things: vulnerable and poorly designed applications, services and devices that are preyed on by cybercriminal groups and hostile nations. Consider the China-backed APT groups targeting both known and \u201czero-day\u201d flaws in on-premises Microsoft SharePoint instances in 2025 and Ivanti VPN devices in 2023. Those campaigns led to the compromise of hundreds of organizations globally, including U.S. federal agencies and critical infrastructure operators.\u00a0<\/p>\n<p>Then there was the campaign by the China-backed threat actor UNC6395, which targeted customers of Salesforce using OAuth tokens stolen from the third-party application Salesloft Drift to exfiltrate large volumes of data from hundreds of Salesforce instances.\u00a0<\/p>\n<p>These incidents highlight two key features of today\u2019s cyberthreat landscape. First, attackers exploit older applications with legacy code that contains high-severity security vulnerabilities. Second, they target large, complex cloud platforms like Salesforce by compromising vulnerable third-party integrations, software dependencies, and poorly managed APIs.\u00a0<\/p>\n<p>This problem is compounded by a dangerous assumption: that software suppliers are trustworthy and secure. This mindset is outdated. In the past, supply chain attacks were rare, development cycles took months or years, and applying patches quickly was the gold standard. 
Today, in the \u201cmove fast\u201d era, code can go from development to production in days, hours, or even seconds.<\/p>\n<p>Consider the recent Trust Wallet breach. In December, the cryptocurrency application vendor disclosed that hackers stole approximately $8.5 million in crypto assets through a compromised Google Chrome extension. The root cause was a November outbreak of the Shai Hulud registry-native worm, which leaked Trust Wallet developers\u2019 GitHub credentials. With these credentials, attackers accessed Trust Wallet\u2019s browser extension source code and the Chrome Web Store (CWS) API key, the company said in a blog post. This allowed them to upload malicious extension builds directly to the store, bypassing Trust Wallet\u2019s standard security reviews. Within days, Trust Wallet users awoke to find their wallets emptied.\u00a0<\/p>\n<p>By compromising \u201cpre-blessed\u201d channels like software updates from trusted suppliers or open source projects, criminal and nation-state attackers can extend their reach into sensitive IT environments.<\/p>\n<p>The solution to problems like this starts with recognizing that the \u201cmove fast and break things\u201d era must end. As software powers everything from database servers to dishwashers and tractors, vendors must prioritize security to meet market demands and regulatory requirements. This means proving their software is secure. Traditional application security testing tools\u2014like software composition analysis (SCA), static application security testing (SAST), and dynamic application security testing (DAST)\u2014are part of the solution.<\/p>\n<p>However, today\u2019s threat landscape requires software publishers to look beyond appsec\u2019s \u201cusual suspects.\u201d They must test compiled binaries before release to detect tampering or malicious code that typically evades traditional application security tools. 
After all, that\u2019s what we saw with incidents like the hacks of SolarWinds\u2019 Orion or VoIP provider 3CX\u2019s Desktop App.\u00a0<\/p>\n<p>Software publishers also need to prioritize code quality, security and transparency. They can do that by establishing ambitious \u201czero vulnerability\u201d goals that incentivize them to address problems like \u201ccode rot\u201d (reliance on old and vulnerable software modules). They must also embrace transparency by publishing bills of materials for their products\u2014including SBOMs (software bills of materials), MLBOMs (machine learning bills of materials), and SaaSBOMs. Knowing what is in the software your organization consumes can be critical to heading off attacks that exploit vulnerable software dependencies or other supply chain weaknesses.\u00a0<\/p>\n<p>Should tech firms still move fast and innovate? Absolutely. But in 2026, innovation and rapid releases must be balanced with an even greater priority: building secure, resilient technology that protects both vendors and customers from attacks. Instead of \u201cmove fast and break things,\u201d we need a new rallying cry: \u201cMake Smart and Safe Things.\u201d\u00a0\u00a0<\/p>\n<p>Sa\u0161a Zdjelar is the Chief Trust Officer (CTrO) at ReversingLabs and Operating Partner at Crosspoint Capital with nearly 20 years of Fortune 10 global executive leadership experience. His CTrO scope includes leadership, oversight and governance of the CISO\/CSO function, including product security, as well as partnering with other leaders on corporate and product strategy, strategic partnerships and research, and customer and technology advisory boards, including sponsoring the ReversingLabs CISO Council.<\/p>\n<p>\t\t\tWritten by Sa\u0161a Zdjelar<br \/>\n\t\t\tSa\u0161a Zdjelar is the chief trust officer of ReversingLabs.\t\t<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We moved fast and broke things. It\u2019s time for a change. 
https:\/\/cyberscoop.com\/move-fast-break-things-cybersecurity-supply-chain-security-op-ed\/ Publish Date: 2026-02-02&#8230;<\/p>\n","protected":false},"author":1,"featured_media":183713,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2026\/01\/Move_Fast_and_Break_Things_14071866872.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,31,34,27],"class_list":["post-183712","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-exploit","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/183712"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=183712"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/183712\/revisions"}],"predecessor-version":[{"id":183714,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/183712\/revisions\/183714"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/183713"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=183712"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=183712"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\
/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=183712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}