 |
|
|
|||||
Earlier this month, Microsoft confirmed that attackers had exploited a critical vulnerability in SharePoint servers. A patch had already been issued, but it failed to fully resolve the problem. Within days, sophisticated attackers found a way around the fix, compromising thousands of systems. The flaw was real. So was the patch. The breach happened anyway. Think of it like finding a crack in a dam, sealing it up, but still waking up to floodingsomehow, the water found another way through.This was a patch that didnt stick, and no one caught it in time. The SharePoint incident shows that vulnerabilities happen in every environment. What matters most is how quickly an organization detects an issue, responds to it, and contains the fallout when something goes wrong. That response involves different teams working together under pressure. Vulnerabilities are expected. Effective responses are key. Its normal for new flaws to be discovered every dayin code, in third-party dependencies, and in internal tooling. No organization can prevent every vulnerability from appearing. Whats more important is the ability to respond quickly and effectively when they emerge. In this case, a fix was assumed to be sufficient when it wasnt. The vulnerability continued to exist, but there was no immediate signal that the patch had fallen short. Whats worse is that we know researchers were able to reproduce the vulnerability by examining the difference between versions of the patch Microsoft first gave. In many companies, a fix gets logged as complete and quietly dropped. Weeks later, the same issue resurfaces because the update never made it everywhere it was needed. No alert, no second check. Everyone thought it was done. It wasnt.This points to a deeper challenge in how modern software is secured. When security updates are shipped, the job isnt over. The team responsible for the system must monitor whether the fix is effective, whether attackers are still probing it, and whether follow-up action is needed.Organizations that build and ship software must treat response as an ongoing responsibility. Where companies can improve their response The SharePoint breach shows how even fast responses can fall short if no one checks whether the fix actually worked. This applies to any organization that manages software, whether internal systems or external platforms (which is the large majority).These are technical failures, but theyre rooted in human ones: missed signals, misaligned teams, and no agreement on what still needs fixing. Here are five ways to respond more effectively: 1. Know whats still exposed Fixing a problem isnt the same as removing the risk. Teams need a clear view of which systems remain vulnerable after a patch goes out. 2. Make sure the right people see the issue Security alerts often sit in tools that developers dont use (or like to use). Engineers should be able to see and act on what needs fixing without extra steps. 3. Focus on real risk When every alert looks urgent, the ones that matter get missed. Prioritize whats actually exploitable and affects the systems you rely on. 4. Follow through after the fix An exploited vulnerability is rarely a one-time event. Teams should keep an eye on it to confirm the threat is fully contained. 5. Track how long real problems stay open Its easy to count alerts. Its more useful to track how long serious vulnerabilities take to get resolved. That shows whether your response is actually working. Shifting this mindset takes empathy. The person responsible for security should think about developers in the same way Apples product team thinks of their customers. Is the information clear? Is it delivered where they already work? Are we helping them succeed? Or, are we just giving them one more ticket in a backlog that never ends? And beyond tools, it takes trust. Teams need permission to speak up when somethings unclear, and they need clarity on who owns what. Clarity is key The SharePoint breach revealed a blind spot in how teams track, validate, and follow through on the risks they already know about. Security is failing because teams dont have the visibility to see whats still vulnerable, the clarity to focus on what matters, or the workflows to make fixes stick. Without that, speed doesnt matter, because you’re still exposed. The organizations that avoid the next breach won’t be the ones who patch the fastest. They’ll be the ones who can see the whole picture, cut through the noise, communicate effectively, and close the loop before attackers get there first.
Category:
E-Commerce
Holding a patent could be a lot costlier for businesses and founders in the years to come. The Trump administration is reportedly considering a substantial change to the patent process, which would raise trillions of dollars for the government but could substantially increase fees for patent holders. The Wall Street Journal reports the Commerce Department is considering charging patent holders between 1% and 5% of their overall patent value. It’s unclear if that will replace the current model, where companies and individuals pay up to three flat maintenance fees over a series of years (which typically works out to a few thousand dollars), or be in addition to those charges. Draft proposals and financial models are being worked on now, The Journal reports. If the change goes through, it could be especially onerous for Big Tech firms like Apple or Amazon, which file for thousands of patents per year, the vast majority of which are filed for defensive purposes and never utilized. The money raised from the fees would be used to pay down the $37 trillion national deficit and possibly other unidentified tasks. The Commerce Department did not reply to Fast Company‘s request for comment about the possible changes. No other country charges patent holders a percentage of a patent’s value. In the U.S., utility patent holders currently pay maintenance fees at 3.5, 7.5, and 11.5 years after issuance. The 11.5-year feethe largest of the threeis $8,280, and roughly half of all patents are abandoned before reaching that point, placing the innovation into the public domain. (Design patents are exempt from maintenance fees.) The U.S. Patent and Trademark Office (USPTO) is a self-funded agency that covers its costs by collecting fees for the application for and issuance of patents and trademarks. Last year, it took in just under $4 billion in patent fees and $583 million in trademark feesand it maintains operational reserves to cover any financial shortfalls. A radical change to the 235-year-old office could bring about significant pushback from businesses, both domestic and international. Many would likely cut back on their patent filings, perhaps instead publishing information about innovations, which would prevent others from claiming a patent on that creation. Another potential hurdle is assigning valuations to patentssomething the USPTO has never done. Developing a reliable method would take time and money, and policymakers would also need to decide how to handle patents with little or no value (i.e., when the cost of obtaining the patent exceeds the products market value). The post-DOGE USPTO The potential changes to patent fees come just four months after the USPTO was the focus of a review by the Department of Government Efficiency. While it’s still unclear how many workers might have been laid off or taken early retirement, the department was ordered to halt its plans to recruit approximately 800 new employees, primarily patent examiners. In addition, Vaishali Udupa, the agency’s commissioner for patents, resigned in Februaryand people who work regularly with the department say theyve heard of other, lower-level departures. The wait time today to patent a product averages 30 months. (Trademarks take about 10 months to process.) Without the new employees, that could significantly extend those timesand adding a new patent process into the mix could stretch it out further. Commerce Secretary Howard Lutnick oversees the USPTO and pledged during his confirmation hearing to tackle the application backlog, which he called unacceptable.
Category:
E-Commerce
If youve proven your product on a pilot line, and its time to turn up real-world production, beware because many companies stumble on their first large-scale build. Before you pour concrete or sign any equipment orders, look at the full landscape of challenges: engineering, supply chain, utilities, and the human relationships that hold it all together. Scaling up isnt as simple as adding another shift. Its multiplying everything you do by orders of magnitude. Moving from pilot lots to commercial volumes often means a 1,000- to 10,000-fold jump in throughput, with megawatts of electrical load, and water usage that can rival a small town. Construction alone can run $300- to $950-per-square-foot before a single machine is installed on the floor. Miss the mark and the cost isnt just financial; its reputational. Schedule slips, lost customers, and bruised reputations follow fast. To move from pilot line to production line with confidence, follow these four steps for a successful scale-up. Master the process First, nail down the process by mapping the critical quality parameters like temperature, humidity, pressure, cycle time, purity, and set hard limits for each. Then, stress test them, and challenge your R&D team better. Run design-of-experiments on the pilot line or in a digital model to reveal where small shifts can trigger big cost savings. For instance, one client learned that relaxing humidity from 1% to 5% would half HVAC tonnage and save millions in capital expenditures and operating expendituresproof that tiny tweaks can save a budget. By truly grasping the process, you can size every supporting elementutilities, material flow, staffing, and automationas one integrated system rather than a patchwork of guesses. Capture the data, lock the findings into a concise process design package, and carry that document forward. When you know exactly what the process is, the next steps become simpler and cheaper. Dont underestimate planning Start with the end in mind by defining must-hit key performance metrics (KPIs) and assign a value to each. Look past day one, and sketch how the site should flex five, 10 or even 15 years out to ensure that any expansion wont require a new round of demolition. Build your budget around total cost of ownership because operating expenses usually eclipse capital expenses within the first few years. Early in design, run what-if scenarios on power, water, logistics, and labor to see where small changes may unlock big lifetime savings. A solid plan also links directly to the process data you just captured, allowing you to size utilities, floor space, and headcount as one coherent ecosystem instead of a series of isolated line items. Always remember that good planning can overcome poor execution, but poor planning cant be overcome by the best project execution. Find the right team Scaling up succeeds or fails on people. Name a dedicated project leader with the authority to make fast decisions and free that person from the distractions of their current day job. Build a core owners team that blends operations, engineering, finance, with environmental, health, and safety, so that key decisions are vetted through multiple lenses in real time. When selecting outside partners, look for firms with proven scale-up experience and incentives that align with yours. Create mutually beneficial contracts that keep everyone rowing in the same direction. Onboard partners early, regularly co-locate them physically or in a virtual war room, and encourage short, recurring stand-ups to surface issues before they become costly delays. A well-constructed, well-aligned team will turn your solid plan into an on-time, on-budget reality. The wrong team will burn through schedule, cash, and goodwill faster than any technical misstep. Implement strong management Once ground is broken, disciple becomes the differentiator. Put a seasoned program manager at the helm to own the master schedule, budget, and KPI dashboard. Resist the temptation to micromanage the process, rather schedule regular data-driven reviews that spotlight variances early while they are still cheap to fix. Pair that oversight with a formal management-of-change process, changes to scope, design, or materials routes through a single, transparent workflow that weights cost, timeline, safety, and regulatory impact before approval. Finally, capture lessons learned in real-time, not at project closeout, so improvements feed straight back into construction and into future scale-ups. Strong, visible management turns a good team and a good plan into a plant that starts up on time and performs from day one. Do these four things well, and your new facility wont merely open on schedule, it will deliver the throughput, quality, and cost profile that turns a promising idea into a market-shaping reality. Mike Sewell is director of innovation at Gresham Smith.
Category:
E-Commerce
All news |
||||||||||||||||||
|
||||||||||||||||||