Vulnerability management is becoming increasingly important to companies due to the rising threat of cyber security attacks and regulations like PCI DSS, HIPAA, NIST 800-731 and more. Vulnerability management is a comprehensive process implemented to continuously identify, evaluate, classify, remediate, and report on security vulnerabilities.
Infrastructure as code (IaC) promises to make developers more agile, but it’s not without risk. Learn more about what IaC is, its benefits, and best practices for how to use this technology securely.
Over the past few years organizations have been shifting security tools and practices left to ensure that application security is addressed from the earliest stages of the software development life cycle (SDLC). These efforts also increasingly cover open source components, which comprise up to 80% of our software products.
The SolarWinds attack in late 2020 exposed the data of more than 18,000 businesses and governmental departments – many of which are gatekeepers for the country’s most vital infrastructure. While attacks against the software supply chain aren’t new, they are increasing exponentially.
As organizations look for solutions that enable them to create a software bill of materials (SBOM) to ensure they’re meeting new governmental mandates for protecting the software supply chain, it’s important to understand the difference between solutions based on reporting vs. remediation. The primary focus of any SBOM solution should be on open source code. The use of open source continues to expand exponentially. Open source components comprise 60%-80% of today’s applications.
According to the National Vulnerability Database (NVD), the number of new security vulnerabilities increases steadily over the past few years. Image source: NVD The consistent rise in the number of security vulnerabilities along with headline-catching exploits like the SolarWind supply chain attack earlier this year has organizations doubling down on vulnerability management programs to ensure that they are not exposed to malicious attacks.
Risk management of code is an important and often overlooked development function that you need to pay attention to. You may think that this is not a developer’s problem, however developers should not write code that unduly adds to technical debt, hence the need to manage risk. The primary motivation for risk management is to prevent error or failure. Do not seek to eliminate failure, seek to minimise it, to manage the risk of failure.