U.S. Department of Defense discloses critical and high severity bugs
The U.S. Department of Defense today disclosed details about four security vulnerabilities on its infrastructure. Two of them have a high severity rating, while the other two received a critical score.
According to Timothy Chiu, Vice President of Marketing, K2 Cyber Security:
“The recent disclosures of security vulnerabilities by the U.S. DoD in their infrastructure are great examples of why the National Institute of Standards and Technologies (NIST) recently updated the latest draft of the Application Security Framework SP800-53 to include the requirement for runtime security (also known as RASP). Remote Code Execution (RCE) and Cross Site Scripting (XSS) are common web application vulnerabilities that have been around since the inception of the OWASP Top 10. Yet, applications and application code continue to make it to production with significant vulnerabilities, even with the continued focus on putting security earlier in the development process (DevSecOps). It’s critical to protect applications and infrastructure in production, so that vulnerabilities like these can be protected during runtime. The new NIST guidelines recognize this need.”