Less than one year ago, the worst ransomware attack in history struck dozens of organizations. Threat actors had exploited a serious flaw in the remote monitoring and management tool Kaseya VSA that, when discussed on the Lock and Code podcast, was revealed to be “not advanced at all.”
This was far from the only software vulnerability that the public learned about last year.
When Lock and Code discussed the efforts by agricultural companies to turn their physical equipment, like tractors and combines, into smart devices, we learned about simple flaws that allowed a group of hackers to uncover user IDs for pretty much every registered device in a company’s database. And we learned that the IDs could, through a simple comparison search with the Fortune 500, reveal what companies were clients of that agricultural company.
And when we discussed the famous app Clubhouse, we learned about an eavesdropping flaw that was discovered with no technical hacking requirements—all that was necessary was two iPhones.
These examples and many, many more throughout cyber-history beg the question: What is going on with how our applications are developed?
Today on the Lock and Code podcast with host David Ruiz, we speak to returning guest Tanya Janca to understand the many stages of software development and how security trainers can better work with developers to build safe, secure products. According to Janca, a good security team takes the security of their developers’ products as their own responsibility.
“It’s our job to help them make their software secure. If at the end, they have all these things wrong, guess what, it’s because our team, the security team, is not doing a good job”Tanya Janca, Director of developer relations of Bright, founder of the online training academy We Hack Purple and author of Alice and Bob Learn Application Security.
Tune in to hear all this and more on this week’s Lock and Code podcast by Malwarebytes Labs.
The post Why our software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09 appeared first on Malwarebytes Labs.