The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list.
To help software vendors and customers defend against these attacks, CISA and the National Institute for Standards and Technology (NIST) have released Defending Against Software Supply Chain Attacks. This new interagency resource provides an overview of software supply chain risks and recommendations. The publication also provides guidance on using NIST’s Cyber Supply Chain Risk Management (C-SCRM) framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate risks.
Researchers at Rapid7 evaluated five areas of cybersecurity that are both critical to secure to continue doing business on and across the internet, and are squarely in the power of CISOs, their IT security staffs, and their internal business partners to address, in their new round of Internet Cyber-Exposure Reports (ICERs). These five facets of internet-facing cyber-exposure and risk include:
SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned. SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management.
The Synopsys Cybersecurity Research Center (CyRC) analyzed more than 3,000 popular Android applications to assess the state of mobile app security during the COVID-19 pandemic. The study targeted the most downloaded and highest grossing apps across 18 categories, many of which have seen explosive growth during the pandemic.
In the current environment, it is wise to incorporate security into your software development lifecycle as early as possible. Historically, security checks were a pre-release gateway for a software team: if you passed, your product/service could go to production. At the same time, security checks used to require a code and environment freeze, while audit preparations led to chaos and a non-systematic approach in collecting important security documentation. All these elements led to a bottleneck for the project team. However, a long wait for security testing results is no longer an option since the typical project pace has significantly increased. Various project models suggest their own approaches for introducing security into software development.
One of the most important realities for enterprises to accept is that software security can only happen if developers have both the tools and the training to code securely. Here, we speak to Chris Wysopal, Chief Technology Officer and co-founder at Veracode about trends in software security and what organizations can do to make developers better at secure coding.
Synopsys, Inc.'s The Cost of Poor Software Quality In the US: A 2020 Report's findings reflect that the cost of poor software quality (CPSQ) in the US in 2020 was approximately $2.08 trillion. This includes poor software quality resulting from software failures, unsuccessful development projects, legacy system problems, technical debt and cybercrime enabled by exploitable weaknesses and vulnerabilities in software.
While the transformation of software development has progressed, the management of information security and risk organization in such environment is not defined and adapted to support such an environment. Based on SAFe Agile Principles by Scaled Agile, this article will suggest 4 culture shift in IT Security organization may consider in order to adapt to the recent trend of Agile Software development.