Comments
Study: 96 Percent Of Applications Have Security Vulnerabilities
shjacks55
User Rank: Apprentice
3/7/2014 | 7:25:00 AM
re: Study: 96 Percent Of Applications Have Security Vulnerabilities
You must be an old 68000 Mac guy. Or an ARM fanboy. Intel processors have had 4 security rings since the 386, and S/390 had more (VM/CMS). It took a speed hit to write good code (no speed hit with newer CPUs, but bad habits die hard). Intel deprecated and then removed the Bounds instruction (which limits buffer overflows) because it "slowed down code" and stalled the pipeline. Lazy programmers at hardware vendors still write user-mode drivers for hardware networking devices. (Bad when the network gets busy.)
Linux is by no means perfect; programs like Flash run in the kernel and crash my Linux boxes. Mac (on a BSD-based OS) keeps less in kernel mode and is more stable than Linux.
The largest US retailers use Java POS software running on SUSE Linux. Older, exploit-vulnerable Java. But these POS systems only talk to the store server, which only talks to the corporate data center: like Target's system.
macker490
User Rank: Ninja
2/25/2014 | 1:26:15 PM
re: Study: 96 Percent Of Applications Have Security Vulnerabilities
errors in app programs are normal. this is why computers have kernel mode and user mode. it's been that way since 1964, when System/360 announced "multi-programming".

there are only 2 rules to computer security:
1. the o/s must not permit any unauthorized updates to itself.
2. the system owner/operator must be able to regulate what an application program or user is allowed to do.

the latter was introduced to System/360 with RACF in 1974. these rules are also operational in Unix/Linux systems.

product liability: the o/s builder is responsible for making sure the tools (1 & 2 above) are effective. the system owner/operator is responsible for applying the rules.

