Protect the Code: Cyber Security Month Course


Washington has long accused China of cyberattacks and economic espionage – AFP

October has now become the established month for all things cybersecurity, and a series of events and campaigns are organized so that the key issues can be discussed and disseminated.

Cyber Security Awareness Month is now in its 18th year. It was originally launched by the United States Department of Homeland Security and the National Cyber Security Alliance to ensure that organizations and consumers are prepared to face the cybersecurity landscape.

Johannes Dashe, head of R&D at SonarSource, examines some of the lessons from the 2021 cybersecurity event. Dashe explains that code security is a fundamental part of the security process.

Dashe points out that: “Code security is a critical part of an organization’s overall cybersecurity posture.”

It follows that if coding issues are “not properly addressed in a timely manner and on an ongoing basis, coding errors can turn into serious vulnerabilities that allow malicious actors to access applications, databases and other critical systems, giving them access to sensitive data and more”.

To put this in the context of enterprise systems, Dashe selects an appropriate case study: “For example, the research team at SonarSource recently spotted serious vulnerabilities in several popular open source programs, including Zimbra, a web messaging software solution; Etherpad, an online text editor; and elFinder, a file manager. Similar codes can be hidden in any open source or proprietary code base.”

The level of problems that this event triggered was substantial and global. Therefore, those who might be affected should be proactive, says Dashe.

Dashe says, “Because of this, organizations need to leave behind the time of separate development and security teams. Developers are in the best position to keep their code safe, and leveraging modern Static Application Security Testing (SAST) tools is a quick and easy way for developers to receive feedback and advice on fixing vulnerabilities directly in the IDE, at the time of writing their code.”

In terms of practical advice, Dashe recommends, “It’s time to include code security in the larger cybersecurity conversation and recognize the critical role it plays in the security of our organizations and our sensitive data,” as well as the opportunity it represents for developers to grow and have a positive impact on application security.
