STE WILLIAMS

An Open-Source Security Maturity Model





Oh, you don’t run open-source code? Really? Christine Gadsby of BlackBerry and Jake Kouns of Risk-Based Security visit the Dark Reading News Desk at Black Hat to explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications — proprietary and otherwise.

