{"id":18851,"date":"2022-04-25T07:10:16","date_gmt":"2022-04-25T15:10:16","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/04\/25\/news-12584\/"},"modified":"2022-04-25T07:10:16","modified_gmt":"2022-04-25T15:10:16","slug":"news-12584","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/04\/25\/news-12584\/","title":{"rendered":"Why our software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 25 Apr 2022 14:32:39 +0000<\/strong><\/p>\n<p>Less than one year ago, the worst ransomware attack in history <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2021\/07\/shutdown-kaseya-vsa-servers-now-amidst-cascading-revil-attack-against-msps-clients\/\">struck dozens of organizations<\/a>. Threat actors had exploited a serious flaw in the remote monitoring and management tool Kaseya VSA that, when discussed on the Lock and Code podcast, was revealed to be &#8220;not advanced at all.&#8221;<\/p>\n<p>This was far from the only software vulnerability that the public learned about last year. <\/p>\n<p>When Lock and Code discussed the <a href=\"https:\/\/blog.malwarebytes.com\/podcast\/2021\/08\/hackers-tractors-and-a-few-delayed-actors-how-hacker-sick-codes-learned-too-much-about-john-deere-lock-and-code-s02e16\/\">efforts by agricultural companies to turn their physical equipment, like tractors and combines, into smart devices<\/a>, we learned about simple flaws that allowed a group of hackers to uncover user IDs for pretty much every registered device in a company\u2019s database. 
And we learned that the IDs could, through a simple comparison search with the Fortune 500, reveal what companies were clients of that agricultural company.<\/p>\n<p>And when we <a href=\"https:\/\/blog.malwarebytes.com\/podcast\/2021\/08\/katie-moussouris-hacked-clubhouse-her-emails-went-unanswered-for-weeks-lock-and-code-s02e15\/\">discussed the famous app Clubhouse<\/a>, we learned about an eavesdropping flaw that was discovered with no technical hacking requirements\u2014all that was necessary was two iPhones.<\/p>\n<p>These examples and many, many more throughout cyber-history beg the question: What is going on with how our applications are developed?<\/p>\n<p>Today on the Lock and Code podcast with host David Ruiz, we speak to returning guest Tanya Janca to understand the many stages of software development and how security trainers can better work with developers to build safe, secure products. According to Janca, a good security team takes the security of their developers&#8217; products as their own responsibility. <\/p>\n<blockquote class=\"wp-block-quote\">\n<p>&#8220;It\u2019s our job to help them make their software secure. 
If at the end, they have all these things wrong, guess what, it\u2019s because our team, the security team, is not doing a good job&#8221;<\/p>\n<p><cite>Tanya Janca, Director of developer relations of Bright, founder of the online training academy We Hack Purple and author of Alice and Bob Learn Application Security.<\/cite><\/p><\/blockquote>\n<p>Tune in to hear all this and more on this week\u2019s Lock and Code podcast by Malwarebytes Labs.<\/p>\n<p>You can also find us on\u00a0<a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/lock-and-code\/id1500049667\" target=\"_blank\" rel=\"noreferrer noopener\">Apple Podcasts<\/a>,\u00a0<a href=\"https:\/\/open.spotify.com\/show\/3VB1MCXNk76TSddNNZcDuo?si=b454MPzCTYWvvS5bOPdxcA\" target=\"_blank\" rel=\"noreferrer noopener\">Spotify<\/a>, and\u00a0<a href=\"https:\/\/podcasts.google.com\/feed\/aHR0cHM6Ly9mZWVkLnBvZGJlYW4uY29tL2xvY2thbmRjb2RlL2ZlZWQueG1s\" target=\"_blank\" rel=\"noreferrer noopener\">Google Podcasts<\/a>, plus whatever preferred podcast platform you use.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/podcast\/2022\/04\/why-our-software-has-so-many-vulnerabilities-with-tanya-janca-lock-and-code-s03e09\/\">Why our software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 25 Apr 2022 14:32:39 +0000<\/strong><\/p>\n<p>Today on Lock and Code, we speak with returning guest Tanya Janca about why so much of our software comes packaged with vulnerabilities.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/podcast\/2022\/04\/why-our-software-has-so-many-vulnerabilities-with-tanya-janca-lock-and-code-s03e09\/\">Why our software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09<\/a> appeared first 
on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[25808,11091,25809,25810,24306,5820,25811,25812,25813,10467,25814],"class_list":["post-18851","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-clubhouse","tag-insecure","tag-john-deere","tag-kaseya-vsa","tag-lock-and-code","tag-podcast","tag-sdlc","tag-software-vulnerability","tag-systems-development-lifecycle","tag-vulnerability","tag-we-hack-purple"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18851","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18851"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18851\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18851"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18851"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18851"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}