Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Shaping A Better Future For Software Security
Oldest First  |  Newest First  |  Threaded View
chenxiwang
100%
0%
chenxiwang,
User Rank: Apprentice
6/3/2015 | 10:06:02 AM
Great to see this effort
A great step to take for the industry. Software security has always been an Achilles heel, and the software supply chain as a whole has not been serious enough to take on this challenge. I hope the working group will produce something concrete and usable. 
KevGreene_Cyber
50%
50%
KevGreene_Cyber,
User Rank: Author
6/4/2015 | 11:55:40 AM
Re: Great to see this effort
@Chenxiwang -- thanks for feedback.  Yes, the software supply chain is becoming a greater challenge, given the fact that open-source is more widely used and software reuse.  We are definitely trying to define an appropriate approach to address 3rd party software.  


THanks again for you support
eeiland
50%
50%
eeiland,
User Rank: Apprentice
6/8/2015 | 10:13:24 AM
Will the EWG be publishing a report?
This is a useful overview.  Will the EWG be releasing a more detailed report?
KevGreene_Cyber
50%
50%
KevGreene_Cyber,
User Rank: Author
7/11/2015 | 2:17:41 PM
Re: Will the EWG be publishing a report?
That's a possibilty at some point.  With all the cyber legistlation coming out from a federal perspective, it would be nice to have something that compliments the changing in the cyber landscape.  Stay tuned!!!


COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Dan Blum, Cybersecurity & Risk Management Strategist,  5/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13485
PUBLISHED: 2020-05-25
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
CVE-2020-13486
PUBLISHED: 2020-05-25
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.
CVE-2020-13482
PUBLISHED: 2020-05-25
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.
CVE-2020-13458
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
CVE-2020-13459
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.