News Insights: U.S. Department of Defense discloses critical and high severity bugs
U.S. Department of Defense discloses critical and high severity bugs
The U.S. Department of Defense has disclosed today details about four security vulnerabilities on its infrastructure. Two of them have a severity high severity rating while the other two received a critical score.
U.S. Department of Defense discloses critical and high severity bugs
News Insights:
According to Timothy Chiu, Vice President of Marketing, K2 Cyber Security:
“The recent disclosures of security vulnerabilities by the U.S. DoD in their infrastructure are great examples of why the National Institute of Standards and Technologies (NIST) recently updated the latest draft of the Application Security Framework SP800-53 to include the requirement for runtime security (also known as RASP). Remote Code Execution (RCE)and Cross Site Scripting (XSS) are common web application vulnerabilities that have been around since the inception of the OWASP Top 10. Yet, applications and application code continue to make it to production with significant vulnerabilities, even with the continued focus on putting security earlier in the development process (DevSecOps). It’s critical to protect applications and infrastructure in production, so that vulnerabilities like these can be protected during runtime. The new NIST guidelines recognize this need.”
Hugh Taylor
Hugh Taylor is a Certified Information Security Manager (CISM). In addition to editing Journal of Cyber Policy, he writes about cybersecurity, compliance and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google and Advanced Micro Devices. Prior to launching his freelance writing career, he served in executive roles at Microsoft, IBM and several venture-backed technology startups.