Following this week’s story on the OpenSSL security flaw – rated with high severity and which affects any application that verifies certificates.
Paco could shed light on how organisations can best prepare and protect themselves for these types of software security incidents. For example, Paco can explain how simulating these types of attacks in advance enables organisations to respond in a more practiced manner. Paco commented on the OpenSSL Flaw :
Paco Hope, Principal Consultant, Cigital :
“The frequency and severity of issues like these OpenSSL vulnerabilities are why the BSIMM measurement, a framework which helps organizations to measure and plan their software security initiatives, has increasingly observed software security activities like “simulate a software crisis” in the firms that it has measured. (https://www.bsimm.com/online/deployment/cmvm/?s=cmvm3.3#cmvm3.3). Firms who are relatively mature in their software processes do not view software as a completed artefact. Instead they develop ecosystems to support and secure it like a growing, living organism. Mature firms respond to a major vulnerability like this as an exercise they have practiced, not a chaotic panic.”[su_box title=”About Cigital” style=”noise” box_color=”#336588″]Cigital is one of the world’s largest application security firms. We go beyond traditional testing services to help our clients find, fix and prevent vulnerabilities in the applications that power their business. Our holistic approach to application security offers a balance of managed and professional services and products tailored to fit your specific needs. We don’t stop when the test is over. Our experts also provide remediation guidance, program design services, and training that empower you to build and maintain secure applications.[/su_box]