Code security

An interesting coverage of the state of Open Source Software and the vulnerabilities it carries. I do recall a time when the common wisdom was that open source was more secure because you had thousands of eyes looking at the code, as opposed to the closed environment of the corporate world, which is focused only on product releases and the bottom line.

The irony seems to be that those two views have merged somewhat. The adoption of Open Source Software into the enterprise environment has diluted the religious zeal of the open source coder with a dash of the corporate world's bottom-line mentality.

I think in today's world, with complex supply chains for the code and services that software depends on, the simple maxim that all code has vulnerabilities is the only one that rings true. Regardless of source, open or closed, you need to address your application security, coding practices and supply chain.

https://www.technewsworld.com/story/86564.html

Someone buy Zoom a book on Secure Development?

I think there are a couple of lessons here.

The media love to dogpile on a tech company that gets security wrong publicly, and Zoom certainly got it wrong (secure development is not really a new concept, guys). That said, I wouldn't go so far as to call this malware, as some articles have. It represents a need for everyone to know the full extent of their supply chain, not only for the products and hardware they own, but also for the services they consume.

That said, if you are using Zoom right now to easily allow grandma to communicate safely with the grandkids during these times, more power to you. If you are conducting sensitive company meetings over the platform, well… maybe stop for now?
#infosec #securedevelopment
https://www.nytimes.com/article/zoom-privacy-lessons.html