all InfoSec news
Vendor Re-Use Opens the Aperture on Many Vulnerabilities
Malware Analysis, News and Indicators - Latest topics malware.news
Introduction
The IT supply chain is filled with software vulnerabilities, many resulting from significant code reuse across multiple vendors. The economic forces at play form a ‘race to the bottom’ competitive landscape, where feature velocity and low cost drive development practices. Often, basic Secure Systems Development Lifecycle (SSDLC) practices, such as baking in static code vulnerability analysis into the development and QA lifecycles, are eschewed. Furthermore, vendors often leverage and re-use OSS (Open Source Software) to gain efficiencies.
As we’ll …
analysis basic code code reuse code vulnerability competitive cost development drive economic introduction isn lifecycle low open source oss play practices research reuse software software vulnerabilities supply supply chain systems systems development lifecycle vendor vendors vulnerabilities vulnerability vulnerability analysis