Bazi rehurumende richiri kukunda vamwe varo vakazvimirira mune dzimwe nzvimbo
Veracode, anotungamira mupi wehungwaru hwekuchengetedza software, nhasi aburitsa chidzidzo chakawana zvikumbiro zvakagadziriswa nemasangano ehurumende zvinowanzova nezvikanganiso zvekuchengetedza kupfuura zvikumbiro zvakagadzirwa mubazi rakazvimirira. Izvi zvakakosha zvakawanikwa nekuti kwakawanda kusasimba kwekushandisa kunoenderana nehuwandu hwengozi. Chidzidzo ichi ndechimwe chemakumi ezviuru zvezvirongwa zvehurumende zvemubatanidzwa zvine chinangwa chekusimbisa cybersecurity, kusanganisira kuedza kudzikisa kusazvibata mumashandisirwo anoita mabasa akakosha ehurumende.
Vatsvagiri vakawana kuti ingangoita 82% yezvikumbiro zvakagadziridzwa nemasangano ehurumende anga aine chikanganiso chimwe chekuchengetedza chakaonekwa mukuongororwa kwavo kwazvino mumwedzi gumi nemiviri yapfuura zvichienzaniswa ne12% yemasangano akazvimirira. Zvichienderana nerudzi rwechikanganiso chakaonekwa, zvikumbiro zvevashandi vehurumende zvaive nemukana wakakura wekuunza kukanganisa mumwedzi gumi nemiviri yapfuura pa74-12%.
"Musiyano uripo pakati pehuwandu hwekukanganisika muhuwandu hweveruzhinji uye hwega hwega zvikumbiro wakakosha. Hurumende inofanirwa kuramba ichivhara gap iri. Sevamiriri vekuchengetedzwa kwevanhu, masangano ehurumende ane basa rekuvhara gaka iri uye kusimbisa chengetedzo kuchengetedza nyika nevagari vayo, "akadaro Chris Eng, Director weKutsvagisa kuVeracode.
Ongororo yedata yakaunganidzwa kubva kune anopfuura mamirioni makumi maviri nemanomwe scans mukati me27 maapplication akabatsira kuburitsa Veracode ichangoburwa pagore State of Software Security report. Chirevo chitsva ichi chinodonongodza zvakawanikwa neruzhinji kubva kune izvo scans uye mashandisirwo, kusanganisira yemubatanidzwa, yenyika uye yenharaunda zvakawanikwa.
Zviverengero zvoga hazviratidzi mhedzisiro yezviito zvehacker pavanoshandisa software bugs uye kusasimba. Mukutanga kwaChivabvu gore rino, kurwiswa kwerudzikinuro kuguta reDallas kwakazunza mashandiro eruzhinji, kusanganisira masisitimu emakombuta anoshandiswa nemasangano ekuchengetedza veruzhinji. Anopfuura mavhiki matatu mushure mekurwiswa, masangano everuzhinji muDallas akange asati apora.
Chidzidzo cheVeracode chakasimbisawo chikonzero nei masangano ehurumende aine tarisiro nezvekuchengetedzwa kwekushandisa. Kuwanikwa kwe "zvakanyanya" zvikanganiso mumashandisirwo ehurumende (16,5%) mumwedzi we12 wakaderera pane zvisiri zvehurumende zvikumbiro (19%). Izvi zvakakosha, nekuti zvikanganiso zvakakomba, kana zvikashandiswa, zvinogona kukanganisa zvakanyanya masisitimu.
Kuedza kwechizvino-zvino chekushandisa kunokurudzira kushandiswa kwezvishandiso zvakasiyana-siyana zvekuongorora chengetedzo, senge Static Security Testing (SAST) uye Software Composition Analysis (SCA), nekuti mhando dzakasiyana dzema scans dzakakura pakufumura marudzi akasiyana ezvikanganiso. SAST neSCA vakawana zvikanganiso zvekushandisa mune yakaderera muzana yemasangano mubazi rehurumende pane mukunyorera mubazi rakazvimirira.
Kuona zvikanganiso zvishoma kana uchishandisa maturusi eSCA zvinogona kuratidza kutanga kweMay 2021 Executive Order (EO 14028), iyo inoraira masangano emubatanidzwa weUS kuti akwidze nhamburiko dzekuchengetedza software yekugovera cheni. Iyi EO inodawo kushandiswa kwakanyanya kwesoftware mabhiri ezvinyorwa (SBOMs), zvinyorwa zvezvinhu zvinoshandiswa musoftware, nekudaro kukurudzira kugovana, kujeka uye kuoneka. Kumwe kunhu, iyo Federal Risk uye Authorization Management Chirongwa (FedRAMP) inomisa kuongororwa kwekuchengetedza kwezvigadzirwa zvemakore nemasevhisi. Saizvozvo, StateRAMP inobvumira hurumende dzematunhu nedzenzvimbo kuti dzione kutevedzera cybersecurity marongero nevanopa masevhisi emakore.
Musiyano wakakura pakati pevashandi vehurumende uye vakazvimirira vega mashandisirwo ekukurumidza kuongorora kufumura zvikanganiso zvitsva musoftware yechinyakare. Kana iyo software yave mukugadzirwa kwemakore mashanu, maindasitiri maviri anosiyana zvakanyanya: mwero wezvikanganiso zvitsva zvinounzwa mumapato akazvimiririra unowedzera, ukuwo mwero uchidzikira mumasangano ehurumende.
Maitiro aya anoratidza kuti masangano ehurumende ari kutarisisa zvakanyanya kuchengetedza zvikumbiro nekufamba kwenguva uye kwete mukati memakore mashoma ekutanga ehupenyu hwavo hunobatsira. Zvikumbiro zviri kunze kwehurumende, zvakasiyana, zvinoratidza kuwedzera zvishoma nezvishoma uye kwakadzikama mukuunzwa kwekukanganisa kutsva pazvinenge zvisingachashandi.
“Bazi rehurumende rasvika kure mukusimbaradza kuchengetedzwa kwezvikumbiro zvinoshandira hurumende yedu, asi masangano achine rwendo rurefu rwekuita kuti agadzirise mashandisiro aanoita padandemutande uye kudzivirira njodzi dzinouya. Nekutarisa kuchengetedza kuchengetedza pamudzi wezvakawanda zvekutyorwa kwecyber - iyo application layer - masangano anogona kuwana budiriro inodiwa. Nguva nenguva kuongorora nemhando dzakasiyana siyana dzebvunzo uye kugadzirisa chikwereti chekuchengetedza - zvakaunganidzwa munjodzi musoftware inotyisidzira kuchengetedzeka kwehurongwa - ichavhura nzira yeramangwana rakachengeteka remasangano ehurumende, "Eng akapedzisa.
Iyo yakazara vhezheni yeruzhinji chikamu chekudzidza kubva kuVeracode's State of Software Security report iripo uye inopa anoenzanisa metrics kumasangano ehurumende.
Vhoriyamu 13 yeVeracode yegore negore State of Software Security report inoongorora mafambiro enhoroondo anoumba mamiriro esoftware uye kuti maitiro ekuchengetedza anochinja sei nemaitiro aya. Mhedzisiro yegore rino yakavakirwa pane ese nhoroondo data yakapihwa neVeracode masevhisi uye vatengi uye inomiririra chikamu chemuchinjiko chemakambani makuru nemadiki, ekutengesa software vatengesi, software outsourcers uye yakavhurika-sosi mapurojekiti. Chirevo ichi chine mhedzisiro pane zvikumbiro zvakaiswa pakuongororwa kwakasimba, ongororo yakasimba, kuongororwa kwesoftware, uye/kana manyorero ekupinda mukati kuburikidza neVeracode's Cloud-based platform. Chirevo chinotarisa data rakapihwa nevatengi veVeracode uye ruzivo rwakaverengerwa kana kutorwa mukati mekuongorora kweVeracode.
BlogInnovazione.it
Iyo musimboti wekuparadzanisa interface ndeimwe yeashanu SOLID misimboti yechinhu-yakatarisana nedhizaini. Kirasi inofanira kuva ne…
Microsoft Excel ndiyo yereferensi chishandiso chekuongorora data, nekuti inopa akawanda maficha ekuronga seti yedata,…
Walliance, SIM uye chikuva pakati pevatungamiriri muEurope mumunda weReal Estate Crowdfunding kubvira 2017, inozivisa kupera…
Filament ndeye "yakawedzera" Laravel kusimudzira chimiro, ichipa akati wandei-akazara-stack zvikamu. Yakagadzirirwa kurerutsa maitiro e…
"Ini ndinofanira kudzoka kuzopedzisa kushanduka kwangu: Ndichazvigadzira mukati mekombuta uye ndive simba rakachena. Kamwe yakagara mu…
Google DeepMind iri kuunza iyo yakagadziridzwa vhezheni yayo yekugadzira njere modhi. Iyo nyowani yakagadziridzwa modhi inopa kwete chete…
Laravel, yakakurumbira kune yayo inoyevedza syntax uye ane simba maficha, zvakare inopa hwaro hwakasimba hwe modular architecture. Ikoko…
Cisco naSplunk vari kubatsira vatengi kumhanyisa rwendo rwavo kuenda kuSecurity Operations Center (SOC) yeramangwana ne…