Part two of a three part series. Part one can be found here.
Your Code, Your Problem
Vulnerabilities can be inherited through your software supply chain, and it’s more common than we may like to admit. BlackDuck Software uncovered that 67% of the applications they analyzed contained open source security vulnerabilities.
Catch the FASTR series to see a technical proof of concept on our latest zero-day findings. Episode 4 features the discovery of a buffer overflow in glibc.
Free is Never Free
The odds are against us. Since 2014, the National Vulnerability Database (NVD) has reported more than 6,000 new open source vulnerabilities. The Application Security Report from Cybersecurity Ventures predicts that zero-day exploits will rise from one-per-week in 2015 to one-per-day by 2021. At the incredible speed at which new vulnerabilities are disclosed, software that was once secure will inevitably become insecure. Internal research conducted by cybersecurity company, Codenomicon, found that a 2012 smart TV inherited vulnerabilities at a rate of 0.58 CVEs per day over the source of 23 months -- from 178 unique vulnerabilities in 2012 to 584 unique CVEs in 23 components in 2015. See graph above.
The key takeaway? Software decays without ongoing maintenance. Akin to proper dental hygiene, continuous testing of third-party code is required for your organization’s security health.
Download the complete white paper Build a Test and Evaluation Plan with Advanced Fuzz Testing.
Thank you for subscribing!