October has now become the established month for everything related to cybersecurity, and a series of events and campaigns are organized so that the key issues can be discussed and disseminated.
Cyber Security Awareness Month is now in its 18th year, originally launched by the US Department of Homeland Security and the National Cyber Security Alliance to ensure organizations and consumers are prepared to tackle the cybersecurity landscape.
Johannes Dashe, head of R&D at SonarSource, examines some of the lessons from the 2021 cybersecurity event. Dashe explains that code security is a fundamental part of the security process.
Dashe points out that: “Code security is a critical part of an organization’s overall cybersecurity posture.”
It follows that if coding problems are “not properly addressed in a timely and continuous manner, coding errors can turn into serious vulnerabilities that allow malicious actors entry points to critical applications, databases and other systems, giving them access to sensitive data and more.”
To put this in the context of enterprise systems, Dashe selects an appropriate case study: “For example, the research team at SonarSource recently spotted serious vulnerabilities in several popular open source programs, including Zimbra, a web messaging software solution; Etherpad, an online text editor; and elFinder, a file manager. Similar codes can be hidden in any open source or proprietary code base.”
The level of problems that this event triggered was substantial and global. Therefore, those who might be affected should be proactive, says Dashe.
Dashe says, “For this reason, organizations need to allow time to separate development and security teams. Developers are in the best position to keep their code safe, and leveraging modern Static Application Security Testing (SAST) tools is a quick and easy way for developers to receive feedback and advice on fixing vulnerabilities directly in the IDE, at the time of writing their code.”
In terms of practical advice, Dashe recommends, “It’s time to include code security in the larger cybersecurity conversation and recognize the critical role it plays in the security of our organizations and our sensitive data,” as well as the opportunity it represents for developers to grow and have a positive impact on application security.