A recent study has shown that certain types of business software are more vulnerable and less safe if in them they bundled codes or third-party software. Now companies are setting themselves (or should ask questions).
First ask yourself if the bundled software can become a safety issue for a company. And, therefore, if the bundle is a parameter to consider in the purchase of software and hardware keep safe their business data .
According to the Vulnerability Update Report compiled by security specialist Secunia, the vulnerabilities discovered between August and September 2014, had found that out of a total of 1,841 software vulnerabilities, the first 20 were produced by IBM. It really was not the brand in dispute but rather, the fact that some of its products include third-party software using Java and OpenSSL library.
No Java that takes
It is known as Java has been hit by safety concerns arising from the zero-day vulnerabilities, while OpenSSL, the past year has had to deal with the security bugs heartbleed. Unfortunately, or and every time you expose a vulnerability in these and other software that include these types of libraries included in IBM products (brand that enjoys great trust from its customers) corporate image anyway suffers.
From a practical standpoint, when discovered a vulnerability in Java and, consequently, releases a patch , IBM needs to release itself an update patch owner for all catalog products that incorporate Java, putting it available to customers as fast as possible. This problem is not only IBM, but also of all those software vendors that use codes and third-party components that may put at risk the products in distribution.
In short, the use of bundled third-party software has become a very important issue, as it appears in the Top 10 list of most dangerous vulnerabilities compiled from OWASP (Open Web Application Security Project).
What are the dangers hidden
More program is complex and uses third-party components, and potentially most dangerous and exposed to attacks by malicious. All this must be taken into high consideration when assessing the suitability of products to buy for their own company. Here are expert tips:
- Verify that the license agreement are elencarti such third-party software are installed and used (which is very often not the case and so a company can find a flaw in the security system without knowing the origin).
Try to figure out how fast the manufacturer releases patch to fix any vulnerabilities and what method used to distribute to their customers.
The way software vendors provide updates or patches for its products has changed in recent years. For example Google and Mozilla release incremental updates to its browser every two / three months and this is certainly the best method to solve the problems of vulnerability in a timely manner . On the contrary, the use of software that I understand codes and third-party components greatly increase the number of programs from different manufacturers that are installed on computers within the corporate network. This means that network administrators must engage in a broad update operation for a large amount of software, with the risk that some of the systems may not be fully updated by exposing it to an involuntary chance of being violated by a vulnerability unresolved .
To underline, finally, that according to the Center for Strategic and International Studies, software such as Java, Adobe Acrobat and Reader, Adobe Flash and QuikTime were applications most frequently used by hackers as a vector of attack users running the Windows operating system.
The software components that use this risk could then be taken off the list of those to be employed in the company, steps to help keep safe the entire network infrastructure.
No comments:
Post a Comment