Comments
'Shift Left' & the Connected Car
Newest First  |  Oldest First  |  Threaded View
Patrick Ciavolella
50%
50%
Patrick Ciavolella,
User Rank: Author
7/23/2018 | 8:34:30 AM
Remove it entirely from cars
Vulnerabilities are there not because they were not thuroughly thought out at the beginning but because it was not known at the time. Good guys cant spend the same amunt of time trying to break into items like the bad guys do. If we did we would live in a perfect world where there were no vulnerabilities. We all know this can never be the case, where there is a will there is a way, be it good or bad.
Only real solution is remove this data from cars entirely. It is not essential, people are just becoming lazier and reliant upon them to focus on the task at hand, Driving.
SchemaCzar
100%
0%
SchemaCzar,
User Rank: Strategist
6/13/2018 | 9:51:14 AM
Agile can't "Shift Left"Security has no "story points"
Security is something that simply cannot be addressed with Agile methodologies.  Security has no story points or other demo-able pieces that you can put at the end of a sprint, for example.  Security doesn't have the visibility needed for Agile's all-important feedback loop. Most importantly, security requires DESIGN.


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-13106
PUBLISHED: 2018-08-15
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13107
PUBLISHED: 2018-08-15
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13108
PUBLISHED: 2018-08-15
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13100
PUBLISHED: 2018-08-15
DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13101
PUBLISHED: 2018-08-15
Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.