On March 21, 2025, Vercel disclosed a critical security vulnerability (CVE-2025-29927) which makes it possible to bypass authorization checks within a Next.js application if the authorization check occurs in middleware. Note: The Okta service is not affected by this vulnerability.
CSO Conversations is a blog series interviewing Okta’s Regional CSOs, who support David Bradbury, Okta’s Chief Security Officer, in providing the best service for our customers. Okta’s Regional CSOs are integral to Okta’s Security Trust and Culture team, building and strengthening trusted advisor relationships with global security thought leadership.
This is the second blog publication in our series on Security Customer Trust. In our first blog, we explored how Okta’s Security Customer Trust team proactively maintains transparency and introduced our mission: to bolster security outcomes for Okta and the communities we serve. In this blog, we’ll touch on how we’ve introduced efficiencies in supporting these challenges through enablement, automation and self-service access.
At Okta, prioritizing security at the earliest stages of technology development and throughout the Software Development Lifecycle (SDLC) is of utmost importance. This blog article introduces our new Secure Development Lifecycle (SDL) whitepaper and highlights the importance of secure development practices throughout the technology lifecycle.
Content-Security-Policy (CSP) is essentially an allow-list policy that dictates what a web page can load. CSP is complex to implement and roll out: even a minor mistake could mean that important parts of the page will not load, which in Okta’s case could mean trouble authenticating. This blog article aims to provide a glimpse into our secure implementation journey and guidance for the industry based on lessons learned.
Given the current geopolitical environment and remote work becoming a norm, it is increasingly common for individuals to use fraudulent or stolen Identities to apply for employment with highly targeted companies, especially in the cybersecurity industry. This article details how Okta leverages Persona's technology for secure Identity verification.