Expert On Report: Zyxel 0day Affects Its Firewall Products

In response to the Krebs on Security report indicating that a Zyxel 0day affects its firewall products, experts offer perspective.

Andre Gironda
InfoSec Expert
February 27, 2020 9:17 am

Zyxel, Taiwanese-owned, and similar to other Taiwanese device manufacturers such as Acer, ASUS, D-Link, HTC, Gigabyte Technology, Microtek, and QNAP Systems, makes commodity consumer hardware that is bound to have security bugs. However, Zyxel isn't bebugging (i.e., purposefully placing security bugs in code to be used later as would the other kind of bugs made famous during the Cold War era for their functionality as ranged listening devices) like Chinese-borne vendor, Huawei, notorious to the NSA as Enemy Number One. Zyxel just made a mistake and has made good with patched firmware to help their customers in the short, mid, and long term.

There are some things Zyxel and these others could do that will really change the game. App development languages such as Rust not only feature better code-level protections against memory corruption attacks, but also lever Machine Learning and Artificial Intelligence modules through crates (Rust language terminology similar to Java class libraries) such as Rust datafusion. OWASP has proposed safety languages and secure frameworks since mid inception when OWASP released the ESAPI and ASVS projects for secure APIs and appsec verification standards. Many embedded systems vendors adding Rust and ML/AI to their base Operating Systems and dependencies will integrate OWASP standards to achieve a higher level of privacy and hardened-grade security. Let's start shipping this paradigm today.

Information Security Buzz