Cybersecurity Gaps in Scanning and Patching Vulnerabilities in Software

  /  ICS Security   /  Cybersecurity   /  Cybersecurity Gaps in Scanning and Patching Vulnerabilities in Software
Cybersecurity
Cybersecurity

Cybersecurity Gaps in Scanning and Patching Vulnerabilities in Software

Current strategies of scanning for and patching vulnerabilities in software leave a huge and highly-exploitable security gap.

Recent research by RunSafe Security partners show that current strategies of scanning for and patching vulnerabilities in software leave a huge and highly-exploitable security gap. When measured against NIST CVEs (Common Vulnerability Enumerations from the National Vulnerability Database), the researchers found that:

  • Memory vulnerabilities are the most frequent CVEs reported in the database, making up 40% of the total, and are ranked as the #1 software weakness in MITRE’s current CVE rankings.
  • 59% of these memory CVEs have exploits available.
  • They produce the highest CVSS consequence scores, in the 7.2 to 9.8 out of 10.0 (the High and Critical ranges), in NIST’s Common Vulnerability Scoring System. In layman’s terms these are the vulnerabilities that, if exploited, can cause the most damage to an organization.
  • Only 2.5% (15 of 592) of all Linux CVEs are currently detected by scanning tools, leaving a massive 97.5% security gap.

Cybersecurity for Scanning and Patching

Does this mean scanning and patching are no longer relevant? Obviously they are – they are essential foundation elements for effective cyber security and hygiene.

What it does mean is that other solutions are required to fill the gap, to mitigate cybersecurity risks and vulnerabilities before they are detected, reported, or patched. RunSafe calls this category “software immunization,” by which code can be inoculated against vulnerabilities before deployment. We believe this “third leg of the stool” is an essential new approach that can increase software security by a full order of magnitude, and in many specific use cases completely eliminate the most dangerous weakness in software today, memory-based vulnerabilities.

According to Thomas Scanlon at Carnegie Mellon’s Software Engineering Institute, “84% of software breaches exploit vulnerabilities at the application layer”. This has driven an entire domain of application security testing tools and techniques.

Read the full post from RunSafe Security to learn more about keeping your software secure.

by

One of the biggest challenges of implementing a digital transformation program is integrating with legacy systems for data collection. Another major challenge is presented in storing and utilizing that data to extract business value. In this article, you will learn about

by
Connected Industry

In this interview at Hannover Messe 2024, Dr. Ali Haj Fraj, Sr. VP Digital Factory, Schneider Electric, explains how industrial businesses could leverage smart factories to drive growth, productivity, and sustainability. The Emergence of Smart Manufacturing At the heart of the discussion,

by
Connected Industry, Video

Welcome to the May 2024 roundup of IIoT and ICS cybersecurity events. This month promises an array of conferences, summits, and expos dedicated to exploring the latest advancements, challenges, and best practices in securing critical infrastructure and advancing industrial connectivity.

by
Connected Industry, Cybersecurity
25985 Rustic Lane,
Westlake, Ohio 44145, U.S.A.
Telephone: +1 949-427-0564
Drop us a message

    ©2017-2024  IIoT World. All articles submitted by our contributors do not constitute the views, endorsements or opinions of IIoT-World.com.