It has been reported by that Schneider Electric SE has disclosed that hackers exploited a flaw in its software in a watershed hack discovered last month that halted plant operations at an industrial facility. Chris Wysopal, CTO and Co-Founder at CA Veracode commented below.
Chris Wysopal, CTO and Co-Founder at CA Veracode:
“Unfortunately, breaches like this are becoming common place and part of the reason is businesses have viewed security as a detached from the development process. This results in a high prevalence of vulnerabilities, which in turn are used by hackers to exploit companies and steal data. Fixing this problem will require a major mind shift regarding the way we build software. And I can give you a great analogy. Even the fastest, most impressive cars today come with safety features like seatbelts, ABS, traction control and advanced features like break assist and lane departure warning systems. It wasn’t always this way. For a long time cars didn’t have any safety features and people got hurt. So, we introduced safety standards. Today, people think of car safety features the same way they think of functional features like fuel injection or pistons – even though these safety features aren’t required for the car to work. That’s how we need to think about software. Security needs to become one way we measure the quality of software. And to do that, we need to give developers the tools they need to make more secure software. Even though developers and security professionals think this is a difficult process, we found that when given the right tools, developers make more secure code. Our 2017 State of Software Security report found that when we gave developers tools to test for vulnerabilities early in their development process they had a 48% better fix rate than those who did not.”