Abstract
You already know the story: by exploiting the Apache Struts vulnerability CVE-2017-5638, criminals exposed the personal data of up to 143 million Equifax customers. What needs closer examination is the cause. The coding flaw that opened the door must be identified and closed, and just as importantly, companies need to examine their development processes for the openings that let vulnerabilities in. Open source software (OSS) is widely used in software applications but rarely tracked in detail. Companies don't know what they don't know regarding open source, and the breach teaches important lessons about the need to close that gap. It is also a reminder of how security practices play an important role in protecting a company, along with building security policies into engineering planning and processes. There's an opportunity for a conversation about stopping hackers in their tracks with tight processes, especially with regard to the use of open source software, explains Jeff Luszcz of Flexera.
Subject
Information Systems and Management; Computer Networks and Communications; Safety, Risk, Reliability and Quality
Cited by: 22 articles.
1. FGF-Bert: A modified Bert-based approach with a fine-grained feature fusion strategy for Binary Code Similarity Detection;2024 International Joint Conference on Neural Networks (IJCNN);2024-06-30
2. Smart Management System of Scientific Research Projects in Colleges based on Data Identification and Sharing;2024 International Conference on Expert Clouds and Applications (ICOECA);2024-04-18
3. Quantifying Security Issues in Reusable JavaScript Actions in GitHub Workflows;Proceedings of the 21st International Conference on Mining Software Repositories;2024-04-15
4. Mitigating Security Issues in GitHub Actions;Proceedings of the 2024 ACM/IEEE 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) and 2024 IEEE/ACM Second International Workshop on Software Vulnerability;2024-04-15
5. Modeling interconnected social and technical risks in open source software ecosystems;Collective Intelligence;2024-01