Database Security

Authentication

Privacy

Compliance

Identity & Access Management

Security Monitoring

Advanced Threats

Insider Threats

Vulnerability Management

Network Computing Dark Reading

Advertise

About Us

Author

Profile of Derek Weeks

Vice President & DevOps Advocate, Sonatype

Member Since: 2/26/2016
Author
News & Commentary Posts: 2
Comments: 4

Derek Weeks is passionate about applying proven supply chain management principles to improve efficiencies, reduce security risks, and sustain long-lasting competitive advantages. He is a distinguished international speaker and lectures regularly on modern software development practices, continuous delivery and DevOps, and application security.
A 20-year veteran of the software industry, Derek has advised leading businesses on IT performance improvement, practices covering continuous delivery, business process management, systems and network operations, service management, capacity planning and storage management.

Derek currently serves as vice president and DevOps advocate at Sonatype, where he leads the largest and most comprehensive annual analysis of software supply chain practices to date across more than 150,000 development organizations.

Articles by Derek Weeks

View Content By Month

5 Steps to Improve Your Software Supply Chain Security

4/14/2016
Organizations that take control of their software supply chains will see tremendous gains in developer productivity, improved quality, and lower risk.
Post a Comment

Java Deserialization: Running Faster Than a Bear

4/14/2016
Software components that were once good can sour instantly when new vulnerabilities are discovered within them. When that happens, the bears are coming, and you have to respond quickly.
Post a Comment

Content by Month
April 2016 - 2
[close this box]

Hot Topics

Editors' Choice

Higher Education: 15 Books to Help Cybersecurity Pros Be Better

Curtis Franklin Jr., Senior Editor at Dark Reading, 12/12/2018

Bug Hunting Paves Path to Infosec Careers

Kelly Sheridan, Staff Editor, Dark Reading, 12/12/2018

'PowerSnitch' Hacks Androids via Power Banks

Kelly Jackson Higgins, Executive Editor at Dark Reading, 12/8/2018

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

Communications & Collaboration 2022 at EC19 Orlando March 18-21

White Papers

Fact vs. Fiction: Mobile Support

Threatscape of the US Election from Anomali Labs

IP Address Audit Checklist: A 10 Step Guide

Know Your Unknowns With a Master IP Address List Audit

Mitigating False-Positives to Improve Software Publishing

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

10 Best Practices That Could Reshape Your IT Security Department

This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Using IT Threat Intelligence

Large organizations are harnessing data about cyberattackers and their exploits to improve the safety of their critical data. Find out what they're doing.

Download Now!

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

Online Malware and Threats: A Profile of Today's Security Posture

0 comments

The Risk Management Struggle

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-20127
PUBLISHED: 2018-12-13

An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because (for example) "php" is blocked but path=F:/1.phP. succeeds.

CVE-2018-20128
PUBLISHED: 2018-12-13

An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring.

CVE-2018-20129
PUBLISHED: 2018-12-13

An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the filena...

CVE-2018-6706
PUBLISHED: 2018-12-12

Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors.

CVE-2018-6705
PUBLISHED: 2018-12-12

Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.

Terms of Service
Privacy Statement
Legal Entities

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]