Expert Advice Developers to Improve Software Security After NAME:WRECK Disclosure

The NAME:WRECK vulnerability disclosure showed the complexities developers are navigating through today. It remains to be seen if malicious actors have taken advantage of the vulnerabilities, but the scale of the software issue was evident as it affects millions of IoT devices. 

The disclosure put some blame on the developers who unknowingly were using insecure code to create the software. Developers have a tough job today to satisfy the growth needs of their employers who are looking for any competitive edge as the economy recovers from the pandemic. This need for speed forces developers to reuse code from open source libraries which may have been left unchecked for years or decades. 

Experts Comments

April 16, 2021
Craig Sanderson
VP of Security Products
Infoblox

WRECK vulnerabilities further highlight the potential impact of vulnerabilities in DNS. DNS connects our digitally transformed world and is a common denominator that all IoT devices rely on. It is critical for organizations to pay close attention to the DNS security gaps to mitigate the risks of Denial of Service (DoS) attacks, data exfiltration, and malware-related threats.

 

These incidents give us an opportunity to take a look at potential prevention steps. In this case, a robust DNS

.....Read More

WRECK vulnerabilities further highlight the potential impact of vulnerabilities in DNS. DNS connects our digitally transformed world and is a common denominator that all IoT devices rely on. It is critical for organizations to pay close attention to the DNS security gaps to mitigate the risks of Denial of Service (DoS) attacks, data exfiltration, and malware-related threats.

 

These incidents give us an opportunity to take a look at potential prevention steps. In this case, a robust DNS solution detects and stops 90% of malware that touch DNS on their way in and out of a network. An organization using DNS security gets an extra layer of protection for IP-enabled IoT devices and IoT gateways. Similarly, organizations can use policy rules to proactively protect against incoming threats. In this case, a rule to block external access to IoT devices would have eliminated the risk.

  Read Less
April 16, 2021
John Smith
EMEA CTO
Veracode

What has discovered in the NAME:WRECK disclosure is not surprising given the breadth of open source code libraries available today. Instead of pointing the finger at developers, the cybersecurity industry should be educating them on the best practices for building secure software. This requires our education system to provide adequate security training to the next generation of developers before they enter the world of work.  

 

As developers continue to share and reuse code, all parties in the

.....Read More

What has discovered in the NAME:WRECK disclosure is not surprising given the breadth of open source code libraries available today. Instead of pointing the finger at developers, the cybersecurity industry should be educating them on the best practices for building secure software. This requires our education system to provide adequate security training to the next generation of developers before they enter the world of work.  

 

As developers continue to share and reuse code, all parties in the software supply chain should collaborate to ensure the code is secure. The potential impact of exploiting the NAME:WRECK vulnerabilities are substantial, but software flaws are not a new threat for businesses and the cybersecurity sector. 



Our State of Software Security report found at least 76% of software used by the manufacturing industry has at least one security flaw, and the sector is the slowest to fix those flaws. This is the time when businesses, developers, and the cybersecurity sector should unite to keep society safe from harmful cyberattacks.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.