Posted by Taylor Armerding on September 4, 2018
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup.
Fixing the CVE program, your personal data has already “checked out,” and it even “may potentially” have taken flight. Watch this week’s episode below to see why these stories are trending.
via Catalin Cimpanu, BleepingComputer: Almost 20 years ago, in 1999, a great idea came into being with the creation of the Common Vulnerabilities and Exposures (CVE) List. The idea behind the CVE program was this: Everybody who found an exploitable flaw or bug in software or firmware would notify a single organization (the nonprofit, federally funded MITRE Corp.). That organization would assign the vulnerability an identification number and maintain a database containing relevant info about all known vulnerabilities. It’s like crowdsourcing security. But cyber security today is not like it was in the early days of the CVE program. Watch this segment to learn why it’s trending.
via Shaun Nichols, The Register: Hacks of personal data are now just about a daily occurrence. And one of China’s biggest hotel chains joined the list of victims last week when a number of security firms noticed that data for about 130 million guests of the Huazhu Hotel Group was up for sale for about $56,000 in Bitcoin on a Chinese dark web forum. Watch this segment.
via Pete Evans, CBC News: Two of the most ominous words in an announcement about a data breach are “may” and “potentially.” Air Canada announced last week that the personal data of about 20,000 users of its mobile app “may potentially have been improperly accessed.” Of course, every user of the app should translate that as “definitely” and “already.” What data “may” have been compromised? At a minimum, users’ names, email addresses, and telephone numbers. Watch to learn why this story is trending in security.