Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say

A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs? [TechWeb]( Follow Dark Reading: [RSS]( June 27, 2022 LATEST SECURITY NEWS & COMMENTARY [Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say]( A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs? [7 Steps to Stronger SaaS Security]( Continuous monitoring is key to keeping up with software-as-a-service changes, but that's not all you'll need to get better visibility into your SaaS security. [Without Conti on the Scene, LockBit 2.0 Leads Ransomware Attacks]( Analysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup. [APT Groups Swarming on VMware Servers with Log4Shell]( CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [How APTs Are Achieving Persistence Through IoT, OT, and Network Devices]( To prevent these attacks, businesses must have complete visibility into, and access and management over, disparate devices. [Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft]( Bronze Starlight’s use of multiple ransomware families and its victim-targeting suggest there’s more to the group’s activities than just financial gain, security vendor says. [Name That Toon: Cuter Than a June Bug]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [MORE]( EDITORS' CHOICE [Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft]( Bronze Starlight’s use of multiple ransomware families and its victim-targeting suggest there’s more to the group’s activities than just financial gain, security vendor says. LATEST FROM THE EDGE [The Cybersecurity Talent Shortage Is a Myth]( We have a tech innovation problem, not a staff retention (or recruitment) problem. LATEST FROM DR TECHNOLOGY [Security Lessons From Protecting Live Events]( Security defenders working for large venues and international events need to be able to move at machine speed because they have a limited time to detect and recover from attacks. The show must go on, always. WEBINARS - [Building and Maintaining an Effective Remote Access Strategy]( The COVID-19 pandemic transformed enterprises into remote workplaces overnight, forcing IT organizations to revamp their computing and networking strategies on the fly. Some of the changes were intended to be temporary, and some rules were adopted without thinking through all ... - [How Ransomware Works - And What You Can Do to Stop It]( From Darkside, to Lockbit, to Conti, ransomware gangs pulled off many headline-making attacks in the last year and they have evolved their techniques to become more stealthy and sophisticated when targeting organizations. In this webinar, experts walk you through the ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Five Best Practices for AWS Security Monitoring]( - [Gartner, Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture?]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( - [The Many Facets of Modern Application Development]( - [Endpoint Detection Net Suite Use Cases]( - [Ambush Attackers at the Endpoint with the Endpoint Detection Net (EDN) Suite]( [View More White Papers >>]( FEATURED REPORTS - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( With attacks and breaches on the rise, enterprise security teams need full visibility over what they have in their network. DNS is a key tool for visibility and asset discovery. Proactive DNS-layer security - such as using DNS data to ... - [How Enterprises Plan to Address Endpoint Security Threats in a Post-Pandemic World]( Dark Reading's 2022 Endpoint Security Report examines how IT and cybersecurity professionals are grappling with the impact of pandemic-related changes on endpoint security strategies. The report explores how they are building their endpoint security defenses, and provides insight on what organizations ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Synopsys Completes Acquisition of WhiteHat Security]( [Palo Alto Networks Bolsters Its Cloud Native Security Offerings With Out-of-Band WAAS]( [Johnson Controls Acquires Tempered Networks to Bring Zero Trust Cybersecurity to Connected Buildings]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Improving Enterprise Cybersecurity With XDR]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)