Open source software security vulnerabilities exist for over four years before detection

It can take an average of over four years for vulnerabilities in open source software to be spotted, an area in the security community that needs to be addressed, researchers say. 

According to GitHub’s annual State of the Octoverse report, published on Wednesday, reliance on open source projects, components, and libraries is more common than ever. 

Over the course of 2020, GitHub tallied over 56 million developers on the platform, with over 60 million new repositories being created — and over 1.9 billion contributions added — over the course of the year. 

“You would be hard-pressed to find a scenario where your data does not pass through at least one open source component,” GitHub says. “Many of the services and technology we all rely on, from banking to healthcare, also rely on open source software. The artifacts of open source code serve as critical infrastructure for much of the global


Home Affairs wants to expand telco security reform notification requirements

Under Australia’s Telecommunications Sector Security Reforms (TSSR), all carriers and nominated carriage service providers (C/NCSPs) are required to notify the Communications Access Coordinator (CAC) of proposed changes to their telecommunications systems or services if they become aware of any proposed changes that are likely to have a “material adverse effect” on their capacity to comply with security obligations.

As of 30 June 2020, the Department of Home Affairs has received a total of 66 notifications. It told the Parliamentary Joint Committee on Intelligence and Security (PJCIS) the notifications received from carriers to date represented the vast majority of the fixed-line and mobile telecommunications market in Australia.

In its submission [PDF] to the PJCIS, Home Affairs suggested additional types of notices “with more nuanced language” to reflect various levels and types of risk and the urgency of adopting further mitigations.


“Home Affairs


UAE Food and Water security office renews collaboration agreement with Islamic Development Bank

Dubai: – The UAE government has revitalised its collaboration with the Islamic Development Bank in relation to the International Center for Biosaline Agriculture (ICBA) – a centre that enhances food security through research and development (R&D) into biosaline agriculture in marginal environments.

Through the UAE Food and Water Security Office, the government has renewed its agreement with the Islamic Development Bank, with the new terms focused on R&D into food production from areas that suffer from limited resources.

The agreement was renewed during a virtual ceremony held on Sunday, November 29, 2020 and attended by Her Excellency Mariam Almheiri, Minister of State for Food and Water Security; H.E. Dr Bandar bin Mohammed bin Hamza Hajjar, President of the Islamic Development Bank Group; and several officials and representatives from both entities.

Renewing the agreement effectively extends collaboration on the management and operation of ICBA for another five years. The agreement includes


Internet Security Market is estimated to reach $64.9 billion by 2025; growing at a CAGR of 8.8% from 2020 to 2025

The MarketWatch News Department was not involved in the creation of this content.

New York, United States, Sat, 28 Nov 2020 13:25:35 / Comserve Inc. / — Internet has been used for sharing information, data, and applications, among others on a high level around the world.

Global Internet Security Market is estimated to reach $64.9 billion by 2025; growing at a CAGR of 8.8% from 2017 to 2025. Internet has been used for sharing information, data, and applications, among others on a high level around the world. With the high use of the Internet, cyber threats are being detected around the globe, and that has a high effect on systems functionality as well as business operations. Internet security solutions are used to guard computing systems, as well as to confirm faultless implementation of activities. Various technologies used for internet security include cryptography, authentication, access control, and content filtering. With the high


Top tips ahead of National Computer Security Day

The findings come ahead of National Computer Security Day, which is held each November 30 in the U.S. (the event has been running since 1988). In time for this event, the 2020 Unisys Security Index finds that 1 in 3 (31 percent) of U.S. citizens are concerned about their data security. Furthermore, almost two-thirds (63 percent) of those living in the U.S. are seriously concerned that their identity could be stolen and/or misused.

The survey also identified that upwards of 70 percent of those in the U.S. would agree that the growing amount of data, applications and devices means that it is opportune to create a new, more secure and controlled internet.

Ahead of the event, the Chief Information Security Officer at Unisys, Mat Newfield, has provided Digital Journal readers with some advice for keeping cyber-safe while using our computers.

Passwords

Newfield advises people to:

Check their passwords.

To change


Static Application Security Testing Software Market Exhibits a Stunning Growth Potentials | Veracode, Hewlett Packard Enterprises, Synopsys

The MarketWatch News Department was not involved in the creation of this content.

Nov 27, 2020 (Heraldkeepers) —
AMA Research has added the latest edition of its survey study on the Static Application Security Testing Software Market, with 100+ market data tables, pie charts, graphs and figures spread through pages and easy-to-understand detailed analysis. At present, the market is developing its presence. The research report presents a complete assessment of the market and contains future trends, current growth factors, attentive opinions, facts, and industry-validated market data. The research study provides estimates for Static Application Security Testing Software Forecast till 2025*. Some of the key players covered in this study are Veracode (United States), Hewlett Packard Enterprises (United States), Synopsys (United States), IBM Corporation (United States), WhiteHat Security (United States), Qualys (United States), Checkmarx (Israel), Acunetix (Malta), Rapid7 (United States) and Trustwave (United States).


Global Social Media Security Market Size by Production, Top Countries Import-Export and Consumption Forecast & Regional Analysis by 2024

The MarketWatch News Department was not involved in the creation of this content.

Nov 27, 2020 (The Expresswire) —
Global “Social Media Security Market” (2020-2026) status and position of worldwide and key regions, with perspectives of manufacturers, regions, product types and end industries; this report analyses the topmost companies in worldwide and main regions, and splits the Social Media Security market by product type and applications/end industries. The Social Media Security market trend research process includes the analysis of different factors affecting the industry, with the government policy, competitive landscape, historical data, market environment, present trends in the market, upcoming technologies, technological innovation, and the technical progress in related industry, and market risks, market barriers, opportunities, and challenges.

Get a sample PDF of the report at https://www.360researchreports.com/enquiry/request-sample/15701513

The global Social Media Security market is anticipated to rise at a considerable rate during the forecast period, between 2020 and 2026. In 2020, the


2020-2026 Research Report On Global IoT Security Software Market | Growing Demand, Current Trends, Investment Opportunity and In-Depth Analysis

The MarketWatch News Department was not involved in the creation of this content.

Nov 27, 2020 (The Expresswire) —
“IoT Security Software Market” report provides a detailed evaluation of the market by highlighting information on different aspects which include drivers, restraints, opportunities, threats, and global markets including progress trends, competitive landscape analysis, and key regions expansion status. This report is comprehensive numerical analyses of the IoT Security Software industry and provides data for making strategies to increase the market growth and success. The Report also estimates the market size, Price, Revenue, Gross Margin and Market Share, cost structure and growth rate for decision making.

Global IoT Security Software Market is growing due to growing requirements for quality inspection and surge in demand. It also provides pin-point analysis for changing competitive dynamics and provides healthy CAGR during the period 2026 and calculate the market size, IoT Security Software Sales, Price, Revenue, Gross Margin and


How Ubiq Security uses APIs to simplify data protection

As cyberthreats continue to multiply, startups with tools to protect data are in high demand. But companies are now facing the growing complexity of managing security across their various data sources.

San Diego-based Ubiq Security believes APIs could play a key role in simplifying this task. The company hopes to encourage more developers and enterprises to build security directly into applications rather than looking for other services to plug the holes.

“How do you take the messy and complicated world of encryption and distill it down to a consumable, bite-sized chunk?” asked Ubiq CEO Wias Issa. “We built an entirely API-based platform that enables any developer of any skill set to be able to integrate encryption directly into an application without having any prior cryptography experience.”

Issa is a security veteran and said companies have generally been focused on security for their data storage systems. When they start layering applications


Security researcher accidentally discovers Windows 7 and Windows Server 2008 zero-day

A French security researcher has accidentally discovered a zero-day vulnerability that impacts the Windows 7 and Windows Server 2008 R2 operating systems while working on an update to a Windows security tool.

The vulnerability resides in two misconfigured registry keys for the RPC Endpoint Mapper and DNSCache services that are part of all Windows installations.

  • HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper
  • HKLM\SYSTEM\CurrentControlSet\Services\Dnscache

French security researcher Clément Labro, who discovered the zero-day, says that an attacker that has a foothold on vulnerable systems can modify these registry keys to activate a sub-key usually employed by the Windows Performance Monitoring mechanism.

“Performance” subkeys are usually employed to monitor an app’s performance, and, because of their role, they also allow developers to load their own DLL files to track performance using custom tools.

While on recent versions of Windows, these DLLs are usually restricted and loaded with limited privileges, Labro said that on Windows 7 and
