Protect the code: Cybersecurity month lessons

SonarSource Research team has recently spotted serious vulnerabilities in several popular open source programs, including Zimbra, a webmail solution.

Washington has long accused China of cyber attacks and economic espionage - AFP

October has now become the established month for all things connected to cybersecurity, and a series of events and campaigns are held so that the key issues can be discussed and disseminated.

Cybersecurity Awareness Month, now in its 18th year, was initially launched by the U.S. Department of Homeland Security and the National Cyber Security Alliance to ensure organizations and consumers are ready to take on the cybersecurity landscape.

Looking at some of the lessons for the 2021 cybersecurity event is Johannes Dahse, Head of R&D at SonarSource. Dahse explains that the security of code represents a fundamental part of the security process.

Dahse outlines that: “Code security is an essential component of an organization’s overall cybersecurity posture.”

It follows that if coding issues are “not properly addressed on a timely and ongoing basis, coding mistakes can turn into serious vulnerabilities that allow malicious actors entry points to applications, databases and other critical systems, granting them access to sensitive data and more.”

To put this into the context of business systems, Dahse selects an appropriate case study: “For example, the SonarSource Research team has recently spotted serious vulnerabilities in several popular open source programs, including Zimbra, a webmail solution; online text editor Etherpad; and elFinder, a file manager. Similar ones can hide in any open source or proprietary codebase.”

The level of issues that this event triggered was substantial and global. Those potentially impacted should therefore be proactive, says Dahse.

Dahse states: “For this reason, organizations must put the days of keeping development and security teams separate behind them. Developers are in the best position to ensure the security of their code, and leveraging modern static application security testing (SAST) tools is a fast and easy way for developers to receive feedback and guidance for fixing critical vulnerabilities right in the IDE, as they write their code.”

In terms of practical advice, Dahse recommends: “It’s time to include code security in the larger cybersecurity conversation, and recognize the critical role it plays in keeping our organizations and sensitive data safe, as well as the opportunity it represents for developers to grow and make a positive impact on application security.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
