2018 Sets Records with More Than 16,000 Known Vulnerabilities
Hikvision on Using Ethical Hackers to Uncover Vulnerabilities, Advice to Address Security Concerns
In the piece, “2018 Set a New Record for Security Vulnerabilities,” Security magazine states that 2018 exceeded the record of the previous year with more than 16,500 known vulnerabilities catalogued, leading to rising concerns about security.
According to the article, hackers are leveraging software vulnerabilities to exploit systems. “When searching for weaknesses in applications, middleware and operating systems, hackers first target known security vulnerabilities. These vulnerabilities are well-documented, providing a ‘roadmap’ for hackers to follow. Whether software code is proprietary or open source, it harbors security vulnerabilities. Advocates of open source argue that the accessibility and transparency of the code allow the ‘good guys’—corporate quality assurance teams, white hat hackers and open source project groups–to find bugs faster. Conversely, critics of open source contend that more attackers than defenders examine the code, resulting in a net effect of higher incidents of vulnerability exploits. Whichever is the case, the open source community is good at addressing vulnerability issues. Once security risks are discovered, the community will quickly catalogue and provide patches for these vulnerabilities,” the article states.
Open Source Software Adds to Challenges
Open source code can be used across many applications, which adds to cybersecurity challenges, said the author. He added that “when a heavily leveraged piece of open source code contains a security flaw, it may render vulnerable a potentially large number of software applications that have integrated this code.” This makes it difficult for software developers to efficiently track all open source software components.
The author recommended a tool called a “binary code scanner” to access software code fingerprints, which can then be compared across all open source catalogues. Identification through this fingerprint matching system makes it easier to find known security vulnerabilities in code.
Make Vulnerability Identification a Priority
Addressing vulnerabilities has not become a top priority of the software development industry, according to the article. When developers take the time to address and repair known vulnerabilities, these cyber challenges can begin to pose less of a threat.
“Software developers, distributors and users can neutralize the threats posed by these vulnerabilities by understanding their code, finding the flaws, and proactively taking steps to address them,” the author concluded.
The full article is available on the Security magazine website.
Hikvision on Using Ethical Hackers to Uncover Vulnerabilities
Chuck Davis, Hikvision’s cybersecurity director, wrote a two-part blog about using ethical hackers to uncover vulnerabilities. In the piece, he explained what a vulnerability is, outlined the responsible disclosure process, provided reasons to hire an ethical hacker, and offered three tips on hiring an ethical hacker to identify vulnerabilities.
In part two of the blog series, Hikvision’s Davis stated: “Vulnerabilities are bugs or flaws in computer code that, when exploited, cause a negative impact to confidentiality, integrity, or availability (according to Mitre). We call this the ‘CIA triad.’ Vulnerabilities can be found in both software and firmware and are prevalent in most code. The more lines of code, the more likely there are vulnerabilities.”
All devices on a network are computers, including IP-based video surveillance equipment and other IoT devices, and all computers have vulnerabilities. The article describes ways to address these security concerns.