Expert Advice Developers to Improve Software Security After NAME:WRECK Disclosure

The NAME:WRECK vulnerability disclosure showed the complexities developers are navigating through today. It remains to be seen if malicious actors have taken advantage of the vulnerabilities, but the scale of the software issue was evident as it affects millions of IoT devices. 

The disclosure put some blame on the developers who unknowingly were using insecure code to create the software. Developers have a tough job today to satisfy the growth needs of their employers who are looking for any competitive edge as the economy recovers from the pandemic. This need for speed forces developers to reuse code from open source libraries which may have been left unchecked for years or decades. 

Subscribe
Notify of
guest

2 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Craig Sanderson
Craig Sanderson , VP of Security Products
InfoSec Expert
April 16, 2021 3:35 pm

<p>WRECK vulnerabilities further highlight the potential impact of vulnerabilities in DNS. DNS connects our digitally transformed world and is a common denominator that all IoT devices rely on. It is critical for organizations to pay close attention to the DNS security gaps to mitigate the risks of Denial of Service (DoS) attacks, data exfiltration, and malware-related threats.<u></u><u></u></p> <p> <u></u><u></u></p> <p>These incidents give us an opportunity to take a look at potential prevention steps. In this case, a robust DNS solution detects and stops 90% of malware that touch DNS on their way in and out of a network. An organization using DNS security gets an extra layer of protection for IP-enabled IoT devices and IoT gateways. Similarly, organizations can use policy rules to proactively protect against incoming threats. In this case, a rule to block external access to IoT devices would have eliminated the risk.</p>

Last edited 1 year ago by Craig Sanderson
John Smith
John Smith , EMEA CTO
InfoSec Expert
April 16, 2021 3:31 pm

<p style=\"font-weight: 400;\">What has discovered in the NAME:WRECK disclosure is not surprising given the breadth of open source code libraries available today. Instead of pointing the finger at developers, the cybersecurity industry should be educating them on the best practices for building secure software. This requires our education system to provide adequate security training to the next generation of developers before they enter the world of work.  </p> <p> </p> <p style=\"font-weight: 400;\">As developers continue to share and reuse code, all parties in the software supply chain should collaborate to ensure the code is secure. The potential impact of exploiting the NAME:WRECK vulnerabilities are substantial, but software flaws are not a new threat for businesses and the cybersecurity sector. </p> <p style=\"font-weight: 400;\"><br /><br />Our State of Software Security report found at least <a href=\"https://www.veracode.com/blog/intro-appsec/manufacturing-has-lowest-percentage-high-severity-flaws-needs-improve-time\" data-saferedirecturl=\"https://www.google.com/url?q=https://www.veracode.com/blog/intro-appsec/manufacturing-has-lowest-percentage-high-severity-flaws-needs-improve-time&source=gmail&ust=1618665642351000&usg=AFQjCNFBJae43FYST8ZVAtEL9xXgciEiZw\">76% of software used by the manufacturing industry</a> has at least one security flaw, and the sector is the slowest to fix those flaws. This is the time when businesses, developers, and the cybersecurity sector should unite to keep society safe from harmful cyberattacks.</p>

Last edited 1 year ago by John Smith
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x