Collaboration tools that have become more central to how organizations operate since the pandemic are poorly understood by infosec teams and are relatively immature in terms of accompanying security protections provided by third parties.
It’s a sign that software security – and open-source security in particular – is increasingly top of mind for investors as industry and governments respond to a series of damaging software-based hacks carried out by nation state actors over the past year.
Had two malicious commits not been caught, they could have infected scores of websites using the programming language.
Rising rates of vulnerabilities, a more complex development environment and a lack of industry standards are putting software applications at risk. Can newer security tools and processes turn the tide?
The backdoor is able to record the victim’s microphone, camera and keyboard entries, plus can upload and download files.
“The entire way we perform security in a development environment needs to be rethought.”
The new partnership with Silicon Valley CISO Investments will include an additional $250,000, but perhaps more importantly it will include support and guidance from dozens of practicing CISOs around operations, product road maps, pricing and marketing initiatives as the startup looks to scale its business.
The findings highlight a troubling habit that software developers can sometimes fall into: hastily scramble to issue an urgent vulnerability patch, only to move on to the next issue without fully grasping the underlying cause or crafting a wholistic fix.
The product from private cloud solutions company Accellion was near end of life at the time of the breach. Should customers have switched sooner?
If more attacks are uncovered, end-user organizations must apply lessons learned from SolarWinds and take decisive action.
