As in every month, the recent security news was again full of newly discovered vulnerabilities, exploits, and malware campaigns. It has come to a point where regulators around the world are significantly ramping up their efforts to ensure the development of more resilient software. So, in this month’s newsletter we are focusing on the question: What are the sources of some of the most pertinent vulnerabilities, and what can be done to mitigate them?
Patch, if you can
Software vulnerabilities can be difficult to combat continuously. Yet, as long as your vendor provides security patches, there is at least a way to mitigate them. Customers of firewall vendor Barracuda Networks apparently were faced with a bigger problem earlier this month. As Brian Krebs reports, the company asked its customers to rip out and replace its email security appliances.
Know what to avoid
Improper input validation, which was the root cause of the vulnerability in the previous story, also made it into the “Top 25 Most Dangerous Software Weaknesses” published by MITRE recently. Leading this list, however, is still the simple Out-of-bounds Write.
Keep track of what to protect
To get a better hold of software vulnerabilities, regulators globally are looking to Software Bills of Materials (SBOMs). In a recent example, the US FDA announced that it will mandate SBOMs for all medical devices involving software, planning to enforce this mandate from Oct. 1, 2023, onwards.
Think security holistically
Of course, SBOMs alone do not ensure software security. Enforcing best practices of secure software development and maintenance is indispensable. This starts with shifting security verification and enforcement left to identify security issues early, automating compliance checks throughout development, and enforcing security governance in production through Infrastructure as Code (IaC) / Security as Code.
Finally, don't miss our upcoming webinar, looking at Emerging Security Technologies, on the 17th July 6 PM PST. Register now!
Cybersecurity Magazine Editorial Team
For our latest video discussion on security and production systems, please see the River Publishers YouTube channel.
The latest journal articles from River Publishers in all areas of cyber security can be found on the River Publishers website.