Page 46 - Cyber Defense eMagazine for June 2021

Uncovering hidden cybersecurity risks


                              By Adam Nichols, Principal of Software Security at GRIMM



            The technology we use and depend upon has critical vulnerabilities in its software and firmware, lurking
            just beneath the surface of the code. Yet our process has not changed. Not a week goes by in which
            we are not reading about a serious vulnerability in the news and subsequently scrambling to see if we
            are affected.
            This scramble, this mad dash, is a process we have all become accustomed to. A series of
            anxiety-inducing questions starts to hum around our organizations: “Are we using the affected software? Are our
            configurations vulnerable? Has an attack been detected? Should we apply a patch as soon as possible
            to prevent exploitation, but in doing so risk the side effects of adding an untested patch?”
            While trying to protect one’s organization from potential threats, the lifespan of the vulnerabilities in
            question is overlooked. If the vulnerabilities found were in recently added features, they may not have
            an impact on the organization if you are using stable or long-term-support software. On the other hand,
            if the vulnerabilities have been around for a long time, it raises the question of how they went unnoticed
            for so long. More importantly, how can we find these things earlier, before there is a crisis?








            Copyright © 2021, Cyber Defense Magazine.  All rights reserved worldwide.