Comments by: Jonathan Knudsen, Senior Security Strategist at Synopsys Software Integrity Group
A recently disclosed data breach at Vhive highlights the difficulties of operating software securely, and the asymmetric advantage attackers possess.
Software offers tremendous capabilities for organisations of all sizes, from online commerce to backend financial record keeping and analysis. With that functionality, however, comes responsibility, and many organisations are simply unaware of the risks and the commitment required to operate software securely.
Without investment in software security — education, policy development, architecture review, threat modelling, tools — disaster is all but inevitable.
Vhive was specifically victimised, although it is unclear exactly how attackers gained entry, but they could just as easily have been a target of opportunity. A robust, proactive approach to security is the only way to deter attackers. Even with such an approach, incidents can still happen, but they are much less likely.