Protect the code: Cybersecurity month lessons

SonarSource Research team has recently spotted serious vulnerabilities in several popular open source programs, including Zimbra, a webmail solution.

Washington has long accused China of cyber attacks and economic espionage - AFP
October has now become the established month for all things connected to cybersecurity, and a series of events and campaigns are held so that the key issues can be discussed and disseminated.

Cybersecurity Awareness Month, now in its 18th year, was initially launched by the U.S. Department of Homeland Security and the National Cyber Security Alliance to ensure organizations and consumers are ready to take on the cybersecurity landscape.

Looking at some of the lessons for the 2021 cybersecurity event is Johannes Dahse, Head of R&D at SonarSource. Dahse explains that code security represents a fundamental part of the security process.

Dahse outlines that: “Code security is an essential component of an organization’s overall cybersecurity posture.”

It follows that if coding issues are “not properly addressed on a timely and ongoing basis, coding mistakes can turn into serious vulnerabilities that allow malicious actors entry points to applications, databases and other critical systems, granting them access to sensitive data and more.”

To put this into the context of business systems, Dahse selects an appropriate case study: “For example, the SonarSource Research team has recently spotted serious vulnerabilities in several popular open source programs, including Zimbra, a webmail solution; online text editor Etherpad; and elFinder, a file manager. Similar ones can hide in any open source or proprietary codebase.”

The level of issues that this event triggered was substantial and global. Therefore, those potentially impacted should be proactive, says Dahse.

Dahse states: “For this reason, organizations must put the days of keeping development and security teams separate behind them. Developers are in the best position to ensure the security of their code, and leveraging modern static application security testing (SAST) tools is a fast and easy way for developers to receive feedback and guidance for fixing critical vulnerabilities right in the IDE, as they write their code.”

In terms of practical advice, Dahse recommends: “It’s time to include code security in the larger cybersecurity conversation, and recognize the critical role it plays in keeping our organizations and sensitive data safe, as well as the opportunity it represents for developers to grow and make a positive impact on application security.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist and an author. He is also interested in history, politics and current affairs.
