  • Sahriar Shuvo - Tech Journalist

A way around Open-source Vulnerabilities: The long-standing secure software design

Copyright holders of open-source programs, scripts and batch files grant other users and developers the legal right to modify, update, change and distribute them for any purpose. In a world where cybersecurity issues are shaking the toughest barrels, open-source projects are fighting a tough battle. Nonetheless, every application has weak points; it is just a matter of time before they are discovered.



There are a few strategies to keep in mind regarding open-source vulnerabilities. Browsing GitHub and Stack Overflow turns up thousands of open-source programs, some of which are used more by large companies than by individuals. Open source saves companies and individuals a great deal of money, which means it is not going anywhere anytime soon. The 2018 Equifax breach showed the vulnerabilities and consequences that come with those benefits. The solution that emerged was proper maintenance.

According to a 2021 report by Synopsys, more than 1,500 codebases across 17 industries were compromised by vulnerabilities and conflicts. The Open Source Security and Risk Analysis (OSSRA) report has covered the matter for six consecutive years. Today code is not only meant to solve a problem; it is more valuable when it is optimised, meaning security in a small number of lines. But many owners are not aware of the vulnerabilities.


Synopsys also reported an average of 528 open-source components in use on a single application platform. So, in this 84 per cent of codebases, there may be 158 vulnerabilities per codebase. Dr David Wheeler, Open-Source Supply Chain Security at Linux, said, “I want to emphasize that software is under attack.” But he also said, “just because there is a dependency that’s a vulnerability”. It doesn’t mean the situation is exploitable.


To avoid open-source complaints, companies would need to avoid the open-source strategy entirely. But that would increase the cost of running programs by a 50 per cent margin, and for large enterprises and organisations this number can pile up to be huge. The time required for development would also increase by 50 per cent. Common Vulnerabilities Enumeration (CVE) listed more than 8,000 new vulnerabilities during the 2017 National Vulnerabilities Database campaign.


Many companies work closely with GitHub, and internal IT management pushes code with permissions to apply to components. Those components can be in the real world or in a sandbox machine. Many popular services and applications that we use daily rely on open-source libraries. Standing behind long-standing secure software design is a commitment. There are a few practical solutions. Developers should learn to design software with the most adequate practices, meaning security should be kept in mind within an organised workflow. The standards should be met with customer reliability and breach probability in mind. Thinking of breach probability means there should be a backup to navigate through security and get everything back on quickly in case of a disaster. Automating software design is another option.


Statistics say software that has gone through secure automation for a long period tends to be safer than software designed and deployed early. That is why many companies prefer beta or alpha testing and user statistics.


The programming language also makes a difference. There is no guarantee, but certain languages make more sense than others in certain projects. As with all the common operating systems in mass use, there is a chance that software is developed in C or C++. Memory allocation is not very safe in these languages, but other aspects are better. In C and C++, most out-of-bounds array accesses can be captured immediately, as they can cause undefined behaviour.


“If” a vulnerability is discovered, it should take little to no time to update. Implementing urgent security deployments is essential. Automated tools can be used to fix further problems.
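The sketch below is an added example, not code from the article or from any tool it mentions. It shows one way an automated check can act on the two points above: a vulnerable dependency is not always exploitable, but it should still be updated quickly. The component names, versions, advisory IDs and function names are all constructed placeholders.

```python
# Added example: triage pinned dependencies against advisories.
# All component names, versions and advisory IDs are constructed placeholders.

def parse_version(text):
    """'0.10.0' -> (0, 10, 0). Numeric compare: as strings '0.10.0' < '0.9.0'."""
    return tuple(int(part) for part in text.split("."))

# Constructed inventory: pinned version plus the library functions our code calls.
INVENTORY = {
    "examplelib-web": {"version": "2.3.10", "used": {"render", "upload"}},
    "examplelib-xml": {"version": "1.4.2", "used": {"parse_string"}},
    "examplelib-img": {"version": "0.10.0", "used": {"resize"}},
}

# Constructed advisories: a version is affected when introduced <= version < fixed.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-2", "component": "examplelib-xml",
     "introduced": "1.0.0", "fixed": "1.5.0", "symbols": {"parse_file"}},
    {"id": "ADV-PLACEHOLDER-1", "component": "examplelib-web",
     "introduced": "2.3.0", "fixed": "2.3.32", "symbols": {"upload"}},
    {"id": "ADV-PLACEHOLDER-3", "component": "examplelib-img",
     "introduced": "0.1.0", "fixed": "0.9.0", "symbols": {"resize"}},
]

def triage(inventory, advisories):
    """Return findings for affected components, urgent ones first."""
    findings = []
    for adv in advisories:
        comp = inventory.get(adv["component"])
        if comp is None:
            continue  # advisory is for something we do not ship
        installed = parse_version(comp["version"])
        low, high = parse_version(adv["introduced"]), parse_version(adv["fixed"])
        if not (low <= installed < high):
            continue  # pinned version is outside the affected range
        # Heuristic: the flaw is reachable only if we call an affected function.
        reachable = bool(comp["used"] & adv["symbols"])
        findings.append({
            "id": adv["id"],
            "component": adv["component"],
            "upgrade_to": adv["fixed"],
            # Unreachable findings are still upgraded, just not as an emergency.
            "priority": "urgent" if reachable else "scheduled",
        })
    return sorted(findings, key=lambda f: f["priority"] != "urgent")

if __name__ == "__main__":
    for finding in triage(INVENTORY, ADVISORIES):
        print(finding)
```

The call-based reachability test is a coarse heuristic; a finding marked "scheduled" still needs the upgrade, because later code changes can make the affected function reachable.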

Spotting cyber risks and keeping them under control needs proper management. A data breach can happen at any time. Phishing and cross-site scripting make services vulnerable. The open-source community plays a vital role in the development of software and services.
