Unless you want to be the next data-breach headline, develop and maintain an inventory of all the software, including open source packages, that your organization uses.
More than half the battle of computer security is knowing what to protect. And more than half of knowing what to protect is knowing what you have. This applies not just to network assets like servers, desktop computers, mobile devices, and laptops but even more importantly to software. In this article I focus on software because in my view, software security is the most important subfield of computer security.
BEFORE YOU CAN FIX IT, YOU NEED TO FIND OUT WHERE IT’S BROKE.

How hard could it be to create and maintain an inventory of the software your organization uses? It’s harder than you think. Most firms don’t have an actionable software inventory—which puts them directly at risk.
In addition, the inventory problem is getting exponentially worse as development evolves because not everything that is code can be called an application. Components, libraries, frameworks, and all sorts of other things are also software that should be on an organization’s security radar. Additionally, with the advent of agile, DevOps, CI/CD (continuous integration/continuous delivery), and other development philosophies and tool chains, there are hundreds or even thousands of automation scripts that make the approach work. Every one of those scripts is software that should go through the secure systems development life cycle, end up in the software inventory, and be subject to all the same risk-management decision making as giant flagship apps.
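To make the paragraph above concrete, here is an added example (not code from the article or from BSIMM) of the kind of inventory builder that treats dependency manifests, the open source packages they declare, and automation scripts as first-class software. It walks a source tree, records each artifact with a SHA-256 so later runs can detect drift, and flags packages whose version is floating rather than pinned. The sample project it scans is constructed inside the script, so it runs offline; the file names and package names in it are assumptions, not data from the article.

```python
"""Minimal software-inventory builder (added example, not from the article).

Records every artifact that counts as "software" in the article's sense:
dependency manifests (plus the open source packages they declare) and
automation scripts (shell, CI pipelines). Each entry carries a SHA-256 so
a later run can show what changed.
"""
import hashlib
import json
import os
import re
import tempfile


# --- manifest parsers: text -> list of (package name, version spec) ------
def parse_requirements(text):
    deps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("-"):          # skip options like -r
            continue
        m = re.match(r"([A-Za-z0-9_.\-\[\]]+)\s*(==|>=|<=|~=|>|<)?\s*([^,;\s]*)", line)
        if m:
            spec = (m.group(2) or "") + (m.group(3) or "")
            deps.append((m.group(1).lower(), spec or "unpinned"))
    return deps


def parse_package_json(text):
    data = json.loads(text)
    return [(name, spec)
            for section in ("dependencies", "devDependencies")
            for name, spec in data.get(section, {}).items()]


def parse_go_mod(text):
    deps = []
    for line in text.splitlines():
        if line.strip().startswith("module"):
            continue
        m = re.match(r"\s*(?:require\s+)?([\w./\-]+\.[\w./\-]+)\s+(v[\w.\-+]+)", line)
        if m:
            deps.append((m.group(1), m.group(2)))
    return deps


MANIFESTS = {"requirements.txt": parse_requirements,
             "package.json": parse_package_json,
             "go.mod": parse_go_mod}
# Automation scripts: file endings/names that are software too (assumed list).
SCRIPT_PATTERNS = (".sh", ".ps1", "Jenkinsfile", ".gitlab-ci.yml", "Makefile")
SKIP_DIRS = {".git", "node_modules", ".venv"}


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_inventory(root):
    """Return a list of inventory entries for manifests and scripts under root."""
    inventory = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root)
            entry = {"path": rel, "sha256": sha256_of(full)}
            if fn in MANIFESTS:
                with open(full, encoding="utf-8") as f:
                    pkgs = MANIFESTS[fn](f.read())
                entry["kind"] = "manifest"
                entry["packages"] = [{"name": n, "version": v} for n, v in pkgs]
                inventory.append(entry)
            elif fn.endswith(SCRIPT_PATTERNS) or os.path.join(".github", "workflows") in rel:
                entry["kind"] = "script"
                inventory.append(entry)
    return inventory


def floating_packages(inventory):
    """(manifest path, package) pairs whose version is a range, not a pin."""
    out = []
    for e in inventory:
        for p in e.get("packages", []):
            v = p["version"]
            if v == "unpinned" or v[0] in "^~><*":
                out.append((e["path"], p["name"]))
    return out


def make_sample_tree():
    """Constructed sample project (not real data) so the example runs offline."""
    root = tempfile.mkdtemp(prefix="inv-")
    files = {
        "requirements.txt": "requests==2.31.0\nflask  # unpinned on purpose\nurllib3>=1.26\n",
        "web/package.json": json.dumps({"dependencies": {"express": "^4.18.2"},
                                        "devDependencies": {"jest": "29.7.0"}}),
        "svc/go.mod": "module example.com/svc\n\ngo 1.21\n\nrequire (\n\tgithub.com/gorilla/mux v1.8.1\n)\n",
        "deploy.sh": "#!/bin/sh\nkubectl apply -f k8s/\n",
        ".github/workflows/ci.yml": "name: ci\non: [push]\n",
        "README.md": "docs only, not software\n",
    }
    for rel, content in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as f:
            f.write(content)
    return root


if __name__ == "__main__":
    inv = build_inventory(make_sample_tree())
    print(json.dumps(inv, indent=2))
    print("floating:", floating_packages(inv))
```

Run on a real tree, the JSON it emits is the starting point the article asks for: a list you can diff between releases, feed to vulnerability matching, and extend with owners and risk decisions. The floating-version check is the first question a reviewer would ask of such a list, because a dependency declared as a range can change underneath you without any entry in the inventory changing.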
The most recent version of the Building Security in Maturity Model (BSIMM8; bsimm.com) reports that only 40 percent of participating firms (44 of 109) have an operational inventory of software deployments. The activity in question falls under Configuration Management & Vulnerability Management (CMVM) Level 2: