HomeRisk ManagementsDie Problematik von Unternehmen in Software-Schwachstellen | CSO Online

Die Problematik von Unternehmen in Software-Schwachstellen | CSO Online

Published on

spot_img

Security expert Chris Wysopal points out that many companies only have a fragmented view of software flaws and risks in their applications. He highlights that the proliferation of toolsets leads to “alarm fatigue” and the emergence of data silos that need to be interpreted to make decisions. To address the security backlog, Wysopal advises prioritizing error remediation based on risk.

In particular, when it comes to risks in the supply chain, the app security provider Black Duck analyzed 965 commercial codebases from 16 industries. The study revealed that 86% of commercial codebases contained open-source software vulnerabilities, with 81% of the flaws posing a high or critical risk.

Among the vulnerabilities found, eight of the top ten high-risk flaws were discovered in jQuery, a widely used JavaScript library. The most commonly found high-risk vulnerability was CVE-2020-11023, an XSS vulnerability affecting outdated versions of jQuery. Remarkably, this vulnerability still persists in a third of the scanned codebases.

This data underscores the importance of addressing security vulnerabilities in software supply chains to mitigate risks effectively. Companies must adopt a risk-based approach to remediate flaws in their applications promptly and prioritize fixing high-risk vulnerabilities to bolster their overall security posture.

Furthermore, the findings emphasize the need for organizations to invest in robust security measures and tools to proactively detect and mitigate software vulnerabilities. By taking proactive steps to secure their applications and prioritize risk-based error remediation, companies can enhance their cybersecurity defenses and protect themselves from potential data breaches and cyber threats.

In conclusion, the insights provided by Black Duck’s analysis shed light on the prevalent security risks associated with open-source software vulnerabilities in commercial codebases. By heeding these warnings and implementing proactive security measures, businesses can fortify their defenses and safeguard their sensitive data from malicious actors. Ultimately, prioritizing risk-based error remediation is crucial in addressing the security gaps within software applications and strengthening overall cybersecurity resilience.

Source link

Latest articles

Impact of Economic Factors on the Ransomware Environment

Inflation, cryptocurrency market volatility, and the ability to invest in defenses are all factors...

Preparing For The AI-Generated Cyber Threats Of 2025

In the realm of cybersecurity, the landscape is rapidly evolving, with Advanced Persistent Threats...

Cyber Storm Rising: Kaspersky’s Warning about AI-Driven Threats in South Africa

Kaspersky has recently released a report that sheds light on the growing cybersecurity threats...

Cybersecurity Fears Surface Following Decision to Abandon NHS England

In the aftermath of the announcement that NHS England will be scrapped to cut...

More like this

Impact of Economic Factors on the Ransomware Environment

Inflation, cryptocurrency market volatility, and the ability to invest in defenses are all factors...

Preparing For The AI-Generated Cyber Threats Of 2025

In the realm of cybersecurity, the landscape is rapidly evolving, with Advanced Persistent Threats...

Cyber Storm Rising: Kaspersky’s Warning about AI-Driven Threats in South Africa

Kaspersky has recently released a report that sheds light on the growing cybersecurity threats...