Expert On Report: Zyxel 0day Affects Its Firewall Products

In response to the Krebs on Security report indicating that a Zyxel 0day affects firewall products, experts offer perspective.

Experts Comments

February 27, 2020
Andre Gironda
VP
Cerberus Sentinel
Zyxel, Taiwanese-owned, and similar to other Taiwanese device manufacturers such as Acer, ASUS, D-Link, HTC, Gigabyte Technology, Microtek, and QNAP Systems, makes commodity consumer hardware that is bound to have security bugs. However, Zyxel isn't bebugging (i.e., purposefully placing security bugs in code to be used later as would the other kind of bugs made famous during the Cold War era for their functionality as ranged listening devices) like Chinese-borne vendor, Huawei -- notorious to the NSA as Enemy Number One. Zyxel just made a mistake and has made good with patched firmware to help their customers in the short, mid, and long term. There are some things Zyxel and these others could do that will really change the game. App development languages such as Rust not only feature better code-level protections against memory corruption attacks, but also lever Machine Learning and Artificial Intelligence modules through crates (Rust language terminology similar to Java class libraries) such as Rust datafusion. OWASP has proposed safety languages and secure frameworks since mid inception when OWASP released the ESAPI and ASVS projects for secure APIs and appsec verification standards. Many embedded systems vendors adding Rust and ML/AI to their base Operating Systems and dependencies will integrate OWASP standards to achieve a higher level of privacy and hardened-grade security. Let's start shipping this paradigm today.