
QUOR BLOG
Security and open source:
What we're learning along the way.
All
Product
Research
Event

EVENT
On March 9 we were at the 5th Cybersecurity Forum, organized by TI Inside, one of the most relevant technology outlets in Brazil, which once again put the event together with great competence and care. From the venue to the connections that happened there, the curation made a difference. We left with good conversations, a few confirmations, and an even clearer perception of the moment the market is living through.

Head of Product
Camila Bedretchuk

RESEARCH
Syft is one of the most widely adopted SBOM generation tools, used by Docker, Grafana, Helm, OpenTelemetry, and hundreds of other projects. Our Security Researcher, Heitor Gouvêa, identified a decompression bomb vulnerability in Syft: a malicious file of ~200KB can expand to hundreds of gigabytes during a scan, exhausting disk space and taking down entire CI/CD pipelines. The vulnerability was reported in February, confirmed by the Anchore team, and patched yesterday.

Security Researcher
Heitor Gouvêa

RESEARCH
The discussion about SBOM (Software Bill of Materials) has shifted from being a peripheral topic in security to becoming a central part of modern software engineering.

Security Researcher
Heitor Gouvêa

RESEARCH
CVE-2026-24512 describes a configuration injection vulnerability in ingress-nginx; the officially reported impact includes code execution in the context of the controller and exposure of the secrets accessible to it.

Security Researcher
Heitor Gouvêa

RESEARCH
The "tax" of CVE management does not appear as a line in the budget. It manifests in consumed capacity, windows of change, and lost predictability. This post proposes a simple baseline and shows how Quor's calculator helps to qualify the ROI conversation.

Head of Product
Camila Bedretchuk

PRODUCT
We imagined Quor taking its engineering team to the Secret Santa and listed what it packed as a gift.

Head of Product
Camila Bedretchuk

PRODUCT
The demand comes with a simple audit question, usually related to SOC 2 or PCI DSS: what changed, when it changed, and in which artifact.

Head of Product
Camila Bedretchuk

PRODUCT
AI increases the speed of software development; the SOC operates at the limit to absorb signals and decisions. The convergence between Product Security and SecOps reduces noise, risk, and exposure.

Head of Product
Camila Bedretchuk

RESEARCH
Decree No. 12,573 formalizes the National Cybersecurity Strategy. Understand the pillars of E-Cyber, its impacts on essential services, and the challenges that still remain open.

CEO
Diogo Goebel

PRODUCT
We have gathered in a single glossary the terms that most often appear in conversations about security in Kubernetes.

Head of Product
Camila Bedretchuk

RESEARCH
Race conditions in runC mounts lead to container escape and bypass of Linux policies

CTO
John Brito

RESEARCH
How to explore, detect, and block with NetworkPolicies and Admission Policies

CTO
John Brito

RESEARCH
Why this CVE with a CVSS score of 10 deserves your attention now!

CTO
John Brito

RESEARCH
The end of free public images does not mean the end of innovation. On the contrary, it represents a necessary maturity.

CTO
John Brito

EVENT
September 2025. Getup arrived at the Gartner CIO & IT Executive Conference in São Paulo with something new to show and a good dose of anticipation about how it would be received.

Head of Product
Camila Bedretchuk

RESEARCH
Why product leaders should treat security as part of planning and not as an exception in engineering.

Head of Product
Camila Bedretchuk

RESEARCH
The financial impact of a well-applied strategy.

CTO
John Brito

RESEARCH
How is the security of your container images?

CTO
John Brito

RESEARCH
The increase in the use of containers and the consequent challenge of managing vulnerabilities (CVEs).

CEO
Diogo Goebel

RESEARCH
Discover how Getup is addressing the problem of vulnerabilities in containers, reducing CVEs by up to 90% and making security more efficient without impacting productivity.

CEO
Diogo Goebel