The XZ Utils Backdoor in Linux: A Symptom of Ailing Security in the Software Supply Chain

The cybersecurity industry was once again placed on high alert following the discovery of an insidious software supply chain compromise. The vulnerability, affecting the XZ Utils data compression library that ships with major Linux distributions, is logged under CVE-2024-3094 and boils down to a backdoor deliberately inserted by a once-trusted volunteer maintainer, who socially engineered his way into a position of trust before turning rogue. If successfully exploited, it allows remote code execution (RCE) in some instances, a high-severity issue with the ability to cause serious damage in established software build processes.

Thankfully, another maintainer discovered this threat before the malicious code entered stable Linux releases. Had it not been discovered in time, its risk profile would have made it one of the most devastating supply chain attacks on record, perhaps even eclipsing SolarWinds.

Shifting Left Is Not Enough: Why Starting Left Is Your Key to Software Security Excellence

In a digitally-driven world, we are at an ever-increasing risk of data theft. With large organizations acting as the gatekeepers of our precious information, many are recognizing the need to implement stringent security standards.

Much of the initiative around shifting left, that is, introducing security much earlier in the development process, simply doesn't move the needle far enough. The implication is that we are still beginning the process the wrong way and then backpedaling to achieve the outcome of more secure software. We must start left, enacting a cultural shift that positively engages development teams and arms them with the knowledge they currently lack. However, not all training and tools are equal. In this article, we explain the ways you can truly empower the development team, transforming them into your defensive front line against costly cyberattacks.