Assuming our civilization isn’t swept away in a Mayan apocalypse, 2012 will soon give way to a New Year. And, with it, new challenges. To get a sense about what those might be, Veracode called three noted security experts – many newsmakers in their own right – and asked them to gaze into the crystal ball and see what might await us in the New Year.
Answered by Vann Abernethy
Senior Product Manager at NSFOCUS
1. Tell us briefly about what NSFOCUS is all about.
NSFOCUS is a global leader in active perimeter security. Our products and systems are crucial to some of the largest brand names and financial institutions and have been for more than a decade.
The US Department of Defense is throwing money and resources at the problem of software supply chain security. Here’s why supply chain security’s time has come.
One of the things we clearly see in our platform is that more vendor applications are being tested. Our SoSS reports are not based on surveys that collect opinions, it is an analysis of data aggregated from companies as they test and secure their applications. Our platform tracks whether an application is being tested as part of an enterprise effort to test vendor software. The number of vendor apps tested is rising every quarter.
The Veracode Movember effort still needs your help! – Donate Here.
Movember has been an entertaining, interesting and at times embarrassing month. From the looks we garnered around the office, in public, or from family, friends and loved ones, it is at times hard to justify the Moustache. This is all easily rectified once you inform the onlookers about the underlying cause, raising awareness for Prostate Cancer.
The security firm ReVuln found itself on the receiving end of some harsh criticism this month after it demonstrated several previously unknown holes in common industrial control platforms, then said it would not share the details of those holes to vendors. As information about software vulnerabilities becomes more and more valuable, the question arises: who is to blame when software gets hacked: the researcher who exposes the weakness, or the developers who created it?
When the revolution comes, the first up against the firewall will be your business partners – along with every other third-party that provides you with software.
It used to be that you could call for more secure software from individual vendors – and Microsoft heeded that call, for example with its push for trustworthy computing, starting in 2002 – but today we’re more dependent on software than ever, and more interconnected than ever; we rise and fall by the security of our associates.
Having spent the last 10 years or so working with technology on a day-to-day basis, I thought I’d seen a good deal of “Woah, that is cool” moments. These moments range from just discovering modern day technology (the fact that companies made billions on database software blew my much younger mind for about a week) to more niche discoveries (my first identified SQL Injection vulnerability was a doozie, and I didn’t even know it had a name until two years later!)
When we were kicking around ideas for a new SoSS supplement, I thought the vendor testing angle could be interesting. We had just launched our VAST program so the topic made our marketing folks happy, but also because I think the supply chain analogy can be an interesting lens to view the security industry. We can think about the software supply chain as the vulnerability supply chain.