app vulnerabilities

NIST Deprioritizes Pre-2018 CVEs as Backlog Struggles Continue
NIST, which for more than a year has been struggling to address a backlog of CVEs in its database following budget cuts, is now putting pre-2018 vulnerabilities on the back burner to ...
Security Boulevard

Security Teams Failing to Address Open Source Vulnerabilities
The ongoing rise in open source vulnerabilities and software supply chain attacks is leaving organizations vulnerable to attack and causing greater challenges for security teams, according to Mend’s open source risk survey of nearly ...
Security Boulevard

Security Updates as Hostage Takers
Mark Rasch | app vulnerabilities, application patching, AppSec, software updates, Terms of Service
Software updates are an essential part of modern technology, as they provide necessary fixes, improvements and new features to devices and software. While some software updates are designed to improve or enhance ...
Security Boulevard

Report Surfaces Top Vulnerabilities of 2022
Rezilion, a vulnerability management platform provider, shared a list of the top vulnerabilities discovered in 2022. The report suggested that organizations should address these before the start of the New Year if ...
Security Boulevard

Another Log4Shell? Not Quite-But Spring4Shell is Serious
As more details emerge on Spring4Shell, a recently discovered remote code execution (RCE) flaw affecting Spring Framework, security researchers are urging affected users to immediately implement a patch issued by Spring ...
Security Boulevard

Searching for Bugs in Open Source Code
Let’s dispel the myth first: Open source software isn’t any less secure than closed source software. However, once a vulnerability is found in an open source program, it tends to be much ...
Security Boulevard

Report Finds Software Supply Chains Rife with Vulnerabilities
A report published today by application security testing tool provider GrammaTech in collaboration with Osterman Research suggests just about every software supply chain is rife with vulnerabilities. An analysis of commercial off-the-shelf ...
Security Boulevard

As Time to Fix Flaws Ticks Up, Mitigation Efforts Fall Short
Each month in 2021, NTT Application Security has been tracking the state of application security and the threat landscape, paying particular attention to the window of exposure (WoE), vulnerability by class and ...
Security Boulevard

Despite Pen Testing Efforts, Stubborn Vulnerabilities Persist
George V. Hulme | app vulnerabilities, Application penetration testing, AppSec, secure coding practices
For those security professionals who work to mitigate enterprise software vulnerabilities, it may often seem like Groundhog Day—patching and mitigating the same types of vulnerabilities over and over again. As a just-released ...
Security Boulevard

RSA App Exposes User Data Due to Common Developer Mistake
Michael Bentley | app security, app vulnerabilities, app-security, dataprivacy, developer errors, hard-coded credentials, Mobile Security, Mobile Security Insights, Mobile Threat Research, rsa, RSA Conference 2018, Security Conference
Late last week security researchers found the RSA security conference exposing conference attendee data via vulnerabilities in its mobile app. Because a third-party developer had hard-coded data – including security ...