Autonomy and the death of CVEs?


How many potholes did you encounter on your way into work today? And how many of them did you report to the city?

Vulnerability reporting works much the same way. Developers find bugs – and vulnerabilities – and don’t always report them. That’s because of the manual process to diagnose and report each one. And that manual process might be holding automated tools back.

Software is assembled

Software is assembled from pieces, not written from scratch. And when you build and deploy an app, you also inherit the risk of each of those pieces. For example, a 2019 Synopsys report [caution: email wall] says 96% of the code bases they scanned included open source software, and up to 60% contain a known vulnerability.

And risks don’t stop there. Open source and third-party components are heavily used when you operate software. For example, 44% of indexed sites use the Apache open source web server. A single exploitable vulnerability in the Apache web server would have serious consequences for all of those sites.

How do you determine if you’re using a known vulnerable building block? You consult a database. They go by different names, but at the root of many of them is the MITRE CVE database.

Entire industries have been created just to check databases for known vulnerabilities. For example:

Copyright © 2019 IDG Communications, Inc.


