You certainly remember Heartbleed: Back in 2014, this vulnerability in the OpenSSL crypto library put many TLS-enabled websites at risk. It was an eye-opener demonstrating to what extent we all depend on the security of open source software components. Or remember the Equifax data breach in 2017: Personal data of 148 million US citizens was compromised due to a vulnerable version of Apache Struts. To compensate for the lack of tool support, SAP Security Research started in 2014 to develop a new approach for detecting whether Java applications depend on vulnerable open source code and, using static and dynamic program analysis techniques, whether such vulnerable code is actually or potentially reachable in a given application context. The code-centricity of the so-called vulnerability assessment tool represents a significant advantage over other tools that have been developed in the meantime.