CDM-CYBER-DEFENSE-eMAGAZINE-March-2019

More documents

Recommendations

Info

Overcoming Software Security Issues Caused by the Third-Party Software Procurement Model As software becomes more sophisticated, organizations of all sizes continue to harness its capabilities to transform their go-to-market strategies and streamline their operations. Whether the software is developed in-house, through third-party vendors or is of the pre-packaged, off-theshelf variety; businesses are looking to exploit the latest innovations in order to more effectively compete in the marketplace. With the rise in the value of intangible software-based services and the data collected through those services, companies have invested heavily in security software and systems in order to protect their most important assets. At the same time, DevOps have been given the mandate to implement more and more innovative functionality, as quickly as possible. This has put the security and DevOps teams at cross-purposes. Getting software provisioned as quickly as possible has not given the security team’s adequate time to ensure full product security. Until recently, ensuring software security has not had the same priority. That is changing. With new data security and privacy regulations being enacted in some states and the E.U., the C-Suite is pushing hard to have its cake and eat it too. In other words, CEOs, CIOs and CSOs are mandating that software be more capable, developed and provisioned more quickly, while being more hardened against attack. The current third-party software procurement model makes the previously mentioned C-Suite goals unattainable.
Today’s Third-Party Software Procurement Model By sourcing third-party code instead of developing all software internally, DevOps teams lower their overall development costs and quickly add innovative capabilities to help their businesses remain competitive. Leveraging third-party software components increases efficiency because it saves months or years of originally required development time. In fact, the majority of the custom software in today’s enterprise is sourced externally or contains code from third-party vendors that is built using open source code components. Interestingly, the third-party code is almost always delivered in binary format. Though this delivery method protects the third-party development teams’ intellectual property, it makes it almost impossible to accurately account for all open source software (OSS) components in the provided binaries. This problem is compounded when an enterprise platform is updated by different software vendors, over extended periods of time and integrated with off-the-shelf applications. Why Open Source Components Matter More than 90 percent of all the software written and in use today integrates some open source code. Such code is used in operating systems, network platforms and applications. This trend will only continue to grow because, by leveraging open source, DevOps can lower integration costs and quickly add new innovations the C-Suite was clamoring to have yesterday. Whether software is proprietary or open source, it harbors security vulnerabilities. Because of its transparent and collaborative development model, open source code tends to be better engineered than a comparable piece of proprietary code. And thanks to its openness to extension and reuse, open source code is used extensively. This means that a security vulnerability in a piece of open source code is likely to exist across a multitude of applications and platforms. The open source community is becoming increasingly active in finding and publishing new security vulnerabilities. Consequently, known open source software vulnerabilities become a road-map for hackers to target and attack businesses’ systems. Those systems that contain known vulnerabilities that have been left unpatched or unaddressed are likely to fall victim to data loss and theft. For the past three years, we have seen an escalation in the number and severity of security breaches and data thefts. In many cases, the access point has been hackers leveraging known open source software vulnerabilities. The most costly to date, the 2017 Equifax breach, was due to a vulnerability in Apache Struts that had been known about for months. The Equifax team’s failure to patch the vulnerability in their software was catastrophic.
Page 1 and 2:
Data Breaches: Beyond Exposing Iden
Page 3 and 4:
CONTENTS (cont') Prioritizing Secur
Page 5:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 22 and 23:
Data Breaches: Beyond Exposing Iden
Page 24 and 25:
About the Author Kem Gay is an Inte
Page 26 and 27:
Rip Off the Band-Aid This leaves us
Page 28 and 29:
Why Biometric Data Use Poses Unique
Page 30 and 31:
• DNA Kits: If you purchased or u
Page 32 and 33:
How to be Workforce Ready and Stand
Page 34 and 35:
Maximiliano Gigli, a third-year cyb
Page 36 and 37:
Interestingly, the two groups diffe
Page 38 and 39:
Cross-site Scripting Is an Underrat
Page 40 and 41:
Stealing HTML5 web storage data: HT
Page 42 and 43:
Cybersecurity in New York City, the
Page 44 and 45:
A boom in cybersecurity startups se
Page 46 and 47: illion risks and threats among its
Page 48 and 49: Some Important Developments in the
Page 50 and 51: About the Author Sharmistha Sarkar
Page 52 and 53: employees to contractors and sub-co
Page 54 and 55: The Internet of Things Engineering
Page 56 and 57: About The Author Milica D. Djekic i
Page 58 and 59: kind. Many of them require some kin
Page 60 and 61: 2019 Risks in Focus: Cyber Incident
Page 62 and 63: However, the past year has also wit
Page 64 and 65: Why Insider Threats Are One of the
Page 66 and 67: Unlike with outside security threat
Page 68 and 69: Organizations will also frequently
Page 70 and 71: The US Must Catch Up to Other Promi
Page 72 and 73: The fact is, the wider internationa
Page 74 and 75: Integrate Compliance and Regulation
Page 76 and 77: Security have and have-nots How org
Page 78 and 79: 1. People Having the right people c
Page 80 and 81: sources (such as syslog’s, Net Fl
Page 82 and 83: Limitations of Current Endpoint Sec
Page 84 and 85: For effective detection, most EDR s
Page 86 and 87: Why Wi-Fi Hacking Will Persist Desp
Page 88 and 89: About the Author Ryan Orsi is Direc
Page 90 and 91: questions such as, “Who added a w
Page 92 and 93: About the Author Josh Paape is an O
Page 94 and 95: for well-known, repeatable needs fi
Page 98 and 99: Implementing Security Checks at Str
Page 100 and 101: Phishing in the Dark: Employee Secu
Page 102 and 103: phishing threats. Furthermore, almo
Page 104 and 105: Unfortunately, once an application
Page 106 and 107: Software Should Come with a “Nutr
Page 108 and 109: vulnerabilities. If they find vulne
Page 110 and 111: I can't get no satisfaction, I can'
Page 112 and 113: How Organizations Should Choose a L
Page 114 and 115: load balancers capable of integrati
Page 116 and 117: SaaS DNS Security: Are you Protecte
Page 118 and 119: associated with any security event
Page 120 and 121: 120
Page 122 and 123: 122
Page 124 and 125: 124
Page 126 and 127: 126
Page 128 and 129: 128
Page 130 and 131: 130
Page 132 and 133: 132
Page 134 and 135: 134
Page 136 and 137: 136
Page 138 and 139: 138
Page 140 and 141: 140
Page 142 and 143: 142
Page 144 and 145: 144
Page 146 and 147:
146
Page 148 and 149:
148
Page 150 and 151:
We’ve launched http://www.CyberDe
Page 152 and 153:
Marketing and Partnership Opportuni
Page 154 and 155:
Regent University’s Institute for
Page 156 and 157:
156
show all

CDM-CYBER-DEFENSE-eMAGAZINE-March-2019

Create successful ePaper yourself

Delete template?

Save as template?