HomeRisk ManagementsDie Problematik von Unternehmen in Software-Schwachstellen | CSO Online

Die Problematik von Unternehmen in Software-Schwachstellen | CSO Online

Published on

spot_img

Security expert Chris Wysopal points out that many companies only have a fragmented view of software flaws and risks in their applications. He highlights that the proliferation of toolsets leads to “alarm fatigue” and the emergence of data silos that need to be interpreted to make decisions. To address the security backlog, Wysopal advises prioritizing error remediation based on risk.

In particular, when it comes to risks in the supply chain, the app security provider Black Duck analyzed 965 commercial codebases from 16 industries. The study revealed that 86% of commercial codebases contained open-source software vulnerabilities, with 81% of the flaws posing a high or critical risk.

Among the vulnerabilities found, eight of the top ten high-risk flaws were discovered in jQuery, a widely used JavaScript library. The most commonly found high-risk vulnerability was CVE-2020-11023, an XSS vulnerability affecting outdated versions of jQuery. Remarkably, this vulnerability still persists in a third of the scanned codebases.

This data underscores the importance of addressing security vulnerabilities in software supply chains to mitigate risks effectively. Companies must adopt a risk-based approach to remediate flaws in their applications promptly and prioritize fixing high-risk vulnerabilities to bolster their overall security posture.

Furthermore, the findings emphasize the need for organizations to invest in robust security measures and tools to proactively detect and mitigate software vulnerabilities. By taking proactive steps to secure their applications and prioritize risk-based error remediation, companies can enhance their cybersecurity defenses and protect themselves from potential data breaches and cyber threats.

In conclusion, the insights provided by Black Duck’s analysis shed light on the prevalent security risks associated with open-source software vulnerabilities in commercial codebases. By heeding these warnings and implementing proactive security measures, businesses can fortify their defenses and safeguard their sensitive data from malicious actors. Ultimately, prioritizing risk-based error remediation is crucial in addressing the security gaps within software applications and strengthening overall cybersecurity resilience.

Source link

Latest articles

GitHub discovers vulnerabilities in ruby-saml that expose users

Two high-severity vulnerabilities have recently been unearthed in the ruby-saml library, known for managing...

Webinar on Active Directory Recovery and Business Resilience

In a recent development, ISMG has introduced a new registration process for its members....

Protecting Your Venture from Cybersecurity Risk

Start-ups are increasingly becoming the target of cyberattacks, with a staggering 43% of all...

Polymorphic malware poses a new challenge for Karnataka cyber police, resulting in victims losing Rs 2,900 crore in 2024

BENGALURU: The fight against cybercrime in Karnataka has taken a new turn as fraudsters...

More like this

GitHub discovers vulnerabilities in ruby-saml that expose users

Two high-severity vulnerabilities have recently been unearthed in the ruby-saml library, known for managing...

Webinar on Active Directory Recovery and Business Resilience

In a recent development, ISMG has introduced a new registration process for its members....

Protecting Your Venture from Cybersecurity Risk

Start-ups are increasingly becoming the target of cyberattacks, with a staggering 43% of all...