https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/cves/Recent content in CVEs onHugo -- gohugo.ioen-USFri, 30 Jun 2023 19:07:55 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/cves/cve-intro/Fri, 30 Jun 2023 19:10:09 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/cves/cve-intro/A software vulnerability is a weakness in a program which, if left unaddressed, may be used by attackers to access, manipulate, or compromise a computer system. Vulnerabilities can be introduced at different stages of development and vary in their scope, criticality, and potential attack vector depending on their root cause. As a consequence, software developers spend time and resources triaging, remediating, and patching vulnerabilities to harden their software security and to prevent attackers from exploiting unintended program behavior.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/cves/cve-why-care/Thu, 13 Jul 2023 19:46:58 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/cves/cve-why-care/Software products are prone to vulnerabilities which, if exploited by an attacker, may negatively impact the systems and consumers relying on them. Attacks against vulnerable software systems can result in the unintended exposure and misuse of sensitive data (like the theft of user account credentials). In other cases, these attacks could affect the provision of a service, or compromise critical infrastructure that relies on the software. Given the considerable threat that they can pose, it is important that developers spend time mitigating vulnerabilities to protect against hackers seeking to exploit them.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/cves/infamous-cves/Fri, 21 Jul 2023 19:16:39 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/cves/infamous-cves/Software vulnerabilities vary in their severity – some are difficult to exploit and have minimal implications, while others can be exploited easily, giving an attacker significant leverage over a computer system. In cases where widely-implemented software contains high-severity vulnerabilities, the damage caused by their exploitation can affect millions of developers and services worldwide. In this article, you will learn how the KEV Catalog tracks known exploited software vulnerabilities, and how it serves as a tool for developers and federal agencies.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/cves/cve-remediation/Mon, 31 Jul 2023 14:04:10 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/cves/cve-remediation/At worst, a software vulnerability can impose a critical security flaw that warrants attention. Developers care about mitigating software vulnerabilities because their presence may harm the integrity of their product, negatively affect downstream users, or slow down efforts toward meeting regulatory requirements. However, modern software development practices which incorporate third-party packages in addition to newly scripted code can complicate the vulnerability remediation process. Keeping track of how and where vulnerabilities are introduced, as well as what introduced them, is an arduous task when multitudes of dependencies are working together.