It has been reported that Schneider Electric SE has disclosed that hackers exploited a flaw in its software in a watershed hack discovered last month that halted plant operations at an industrial facility. Chris Wysopal, CTO and Co-Founder at CA Veracode, commented below.
“Unfortunately, breaches like this are becoming commonplace and part of the reason is businesses have viewed security as detached from the development process. This results in a high prevalence of vulnerabilities, which in turn are used by hackers to exploit companies and steal data. Fixing this problem will require a major mind shift regarding the way we build software. And I can give you a great analogy. Even the fastest, most impressive cars today come with safety features like seatbelts, ABS, traction control and advanced features like brake assist and lane departure warning systems. It wasn’t always this way. For a long time cars didn’t have any safety features and people got hurt. So, we introduced safety standards. Today, people think of car safety features the same way they think of functional features like fuel injection or pistons – even though these safety features aren’t required for the car to work. That’s how we need to think about software. Security needs to become one way we measure the quality of software. And to do that, we need to give developers the tools they need to make more secure software. Even though developers and security professionals think this is a difficult process, we found that when given the right tools, developers make more secure code. Our 2017 State of Software Security report found that when we gave developers tools to test for vulnerabilities early in their development process, they had a 48% better fix rate than those who did not.”