HomeRisk ManagementsDie Problematik von Unternehmen in Software-Schwachstellen | CSO Online

Die Problematik von Unternehmen in Software-Schwachstellen | CSO Online

Published on

spot_img

Security expert Chris Wysopal points out that many companies only have a fragmented view of software flaws and risks in their applications. He highlights that the proliferation of toolsets leads to “alarm fatigue” and the emergence of data silos that need to be interpreted to make decisions. To address the security backlog, Wysopal advises prioritizing error remediation based on risk.

In particular, when it comes to risks in the supply chain, the app security provider Black Duck analyzed 965 commercial codebases from 16 industries. The study revealed that 86% of commercial codebases contained open-source software vulnerabilities, with 81% of the flaws posing a high or critical risk.

Among the vulnerabilities found, eight of the top ten high-risk flaws were discovered in jQuery, a widely used JavaScript library. The most commonly found high-risk vulnerability was CVE-2020-11023, an XSS vulnerability affecting outdated versions of jQuery. Remarkably, this vulnerability still persists in a third of the scanned codebases.

This data underscores the importance of addressing security vulnerabilities in software supply chains to mitigate risks effectively. Companies must adopt a risk-based approach to remediate flaws in their applications promptly and prioritize fixing high-risk vulnerabilities to bolster their overall security posture.

Furthermore, the findings emphasize the need for organizations to invest in robust security measures and tools to proactively detect and mitigate software vulnerabilities. By taking proactive steps to secure their applications and prioritize risk-based error remediation, companies can enhance their cybersecurity defenses and protect themselves from potential data breaches and cyber threats.

In conclusion, the insights provided by Black Duck’s analysis shed light on the prevalent security risks associated with open-source software vulnerabilities in commercial codebases. By heeding these warnings and implementing proactive security measures, businesses can fortify their defenses and safeguard their sensitive data from malicious actors. Ultimately, prioritizing risk-based error remediation is crucial in addressing the security gaps within software applications and strengthening overall cybersecurity resilience.

Source link

Latest articles

A Hacker’s Perspective on All Things Antenna

In a world where DIY antennas sometimes fall short of expectations, many enthusiasts find...

Lazarus Group Utilizes IIS Servers to Deploy Malicious ASP Web Shells

The Lazarus group, renowned for its cyber activities and associated with North Korean actors,...

Intel’s Secure Data Tunnel Facilitates the Movement of AI Training Models to Data Sources

In a groundbreaking development, the chip maker introduced the Tiber Secure Federated AI service,...

The Importance of Browser-Based Security in Zero Trust Operations

Browser isolation is becoming increasingly crucial in protecting access points as the remote work...

More like this

A Hacker’s Perspective on All Things Antenna

In a world where DIY antennas sometimes fall short of expectations, many enthusiasts find...

Lazarus Group Utilizes IIS Servers to Deploy Malicious ASP Web Shells

The Lazarus group, renowned for its cyber activities and associated with North Korean actors,...

Intel’s Secure Data Tunnel Facilitates the Movement of AI Training Models to Data Sources

In a groundbreaking development, the chip maker introduced the Tiber Secure Federated AI service,...