In response to the Krebs on Security report that a Zyxel 0day affects the company's firewall products, experts offer perspective.
Zyxel is Taiwanese-owned and, like other Taiwanese device manufacturers such as Acer, ASUS, D-Link, HTC, Gigabyte Technology, Microtek, and QNAP Systems, makes commodity consumer hardware that is bound to have security bugs. However, Zyxel isn’t bebugging (i.e., purposefully placing security bugs in code for later use, in the manner of the other kind of bugs made famous during the Cold War era for their function as ranged listening devices) like the Chinese-borne vendor Huawei, notorious to the NSA as Enemy Number One. Zyxel just made a mistake and has made good with patched firmware to help its customers in the short, mid, and long term.
There are some things Zyxel and these other vendors could do that would really change the game. Application development languages such as Rust not only feature better code-level protections against memory corruption attacks, but also leverage Machine Learning and Artificial Intelligence modules through crates (Rust terminology similar to Java class libraries) such as Rust DataFusion. OWASP has proposed safety languages and secure frameworks since early in its existence, when it released the ESAPI and ASVS projects for secure APIs and application security verification standards. Many embedded systems vendors adding Rust and ML/AI to their base operating systems and dependencies will integrate OWASP standards to achieve a higher level of privacy and hardened-grade security. Let’s start shipping this paradigm today.
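To make the memory-safety point above concrete, here is an added example (not code from the page, from Zyxel, or from any real firmware) of the kind of parsing routine that sits in a network appliance: a length-prefixed record decoder. The record format is hypothetical. In C, a length field taken from the wire and used directly as an index is the classic out-of-bounds read; in Rust, every slice access below goes through `get`, which yields an error value instead of reading past the buffer, and a plain index would panic rather than silently corrupt memory.

```rust
// Added example: a length-prefixed record parser written so that a
// malformed length field cannot read past the buffer. The format
// (tag | len | payload) is hypothetical, not Zyxel's or any real protocol.

/// A parsed record: a one-byte tag followed by a length-prefixed payload.
#[derive(Debug, PartialEq)]
pub struct Record<'a> {
    pub tag: u8,
    pub payload: &'a [u8],
}

/// Why parsing stopped. `Truncated` carries how many bytes the header
/// demanded versus how many the buffer actually holds, which is the
/// value a defender wants in a log line.
#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated { needed: usize, available: usize },
    Empty,
}

/// Parse `tag(1) | len(2, big-endian) | payload(len)` from `buf`.
/// Returns the record and the unconsumed remainder of the buffer.
/// Every access uses `get`, which returns `None` instead of indexing
/// past the end, so an attacker-controlled `len` larger than the buffer
/// becomes a `ParseError` rather than an out-of-bounds read.
pub fn parse_record(buf: &[u8]) -> Result<(Record<'_>, &[u8]), ParseError> {
    if buf.is_empty() {
        return Err(ParseError::Empty);
    }
    let header = buf
        .get(..3)
        .ok_or(ParseError::Truncated { needed: 3, available: buf.len() })?;
    let tag = header[0];
    let len = u16::from_be_bytes([header[1], header[2]]) as usize;
    let end = 3 + len; // len <= 65535, so this cannot overflow usize
    let payload = buf
        .get(3..end)
        .ok_or(ParseError::Truncated { needed: end, available: buf.len() })?;
    // `get(3..end)` succeeded, so `end <= buf.len()` and this slice is in bounds.
    Ok((Record { tag, payload }, &buf[end..]))
}

/// Parse every record in `buf`, stopping at the first malformed one.
pub fn parse_all(mut buf: &[u8]) -> Result<Vec<Record<'_>>, ParseError> {
    let mut out = Vec::new();
    while !buf.is_empty() {
        let (rec, rest) = parse_record(buf)?;
        out.push(rec);
        buf = rest;
    }
    Ok(out)
}

fn main() {
    // Constructed sample input: one well-formed record, then one whose
    // length field (0x1000) claims far more payload than the buffer holds.
    let good = [0x01, 0x00, 0x03, b'a', b'b', b'c'];
    let bad = [0x02, 0x10, 0x00, 0xAA];
    println!("well-formed: {:?}", parse_all(&good));
    println!("oversized length: {:?}", parse_all(&bad));
}
```

The design choice worth noting is that the error type records `needed` and `available`: a device that logs those two numbers on rejected input gives an operator a cheap signal that someone is probing the parser, without the parser itself ever touching memory it does not own.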
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.