October has now become the established month for all things connected to cybersecurity, and a series of events and campaigns is held so that the key issues can be discussed and disseminated.
Cybersecurity Awareness Month is now in its 18th year, initially launched by the U.S. Department of Homeland Security and the National Cyber Security Alliance to ensure organizations and consumers are ready to take on the cybersecurity landscape.
Looking at some of the lessons for the 2021 cybersecurity event is Johannes Dahse, Head of R&D at SonarSource. Dahse explains that the security of code represents a fundamental part of the security process.
Dahse outlines that: “Code security is an essential component of an organization’s overall cybersecurity posture.”
It follows that if coding issues are “not properly addressed on a timely and ongoing basis, coding mistakes can turn into serious vulnerabilities that allow malicious actors entry points to applications, databases and other critical systems, granting them access to sensitive data and more.”
To put this into the context of business systems, Dahse selects an appropriate case study: “For example, the SonarSource Research team has recently spotted serious vulnerabilities in several popular open source programs, including Zimbra, a webmail solution; online text editor Etherpad; and elFinder, a file manager. Similar ones can hide in any open source or proprietary codebase.”
The level of issues that this event triggered was substantial and global. Therefore, those potentially impacted should be proactive, says Dahse.
Dahse states: “For this reason, organizations must put the days of keeping development and security teams separate behind them. Developers are in the best position to ensure the security of their code, and leveraging modern static application security testing (SAST) tools is a fast and easy way for developers to receive feedback and guidance for fixing critical vulnerabilities right in the IDE, as they write their code.”
In terms of practical advice, Dahse recommends: “It’s time to include code security in the larger cybersecurity conversation, and recognize the critical role it plays in keeping our organizations and sensitive data safe, as well as the opportunity it represents for developers to grow and make a positive impact on application security.”