Software is no longer created from scratch. In fact, most applications are created with open source software and these are used by both individuals and organisations. The fact is that development professionals use open source software to ensure they can make their applications quickly and offer them to users and customers.
However, most of the applications that are being downloaded have a security vulnerability due to a defect in the open source software. So, the finished applications, be it for defence, entertainment, medical or financial services, are risky and can include a back door to let in hackers and allow access to user data.
Organisations who want to comply with the General Data Protection Regulation (GDPR) should take a closer look at their applications. The regulation holds organisations responsible for their IT infrastructure, including applications that they use. If they fail to comply with the rules of the GDPR due to software vulnerabilities, companies risk high fines of up to €20 million or 4% of their annual turnover, depending on which one is greater.
Learn from other’s mistakes
Data is highly valuable in modern times. Hence, hackers are using innovative methods to gain access to it. As the number of attacks is increasing, businesses cannot ignore the vulnerabilities and exploits that are present in their software. In fact, organisations should learn from other business’ mistakes.
A good example is Equifax. It was hacked in 2017 and hackers required just three days to gain access to the sensitive data of customers in the UK and the US. Hackers were able to get access the data of 145 million customers, thanks to a known security vulnerability in the Apache Struts2 software that Equifax was using. Apache Struts2 is open source software.
The breach saw several top management professionals leaving the company. However, that was not all. The GDPR was not in effect when the breach occurred. As per the GDPR, companies have to notify customers within 72 hours of finding the breach or risk penalties amounting to millions of dollars. Equifax waited 40 days before revealing the breach and this saved it millions in fines but caused severe reputational damage.
Ensure software security from the start
To comply with the GDPR and ensure your company does not suffer reputation damage like Equifax, it is imperative to ensure safeguards from the start of the software lifecycle to the end. Make sure when you are using open source software to create an application, you embed governance and compliance guardrails from the very beginning. This way, you will continue with your software and application development, but with the right IT security measures in place. This will minimise the chances of a breach and ensure you comply with the prevailing regulations.
Companies should ensure their software development teams use the best practices of development, security and operations (DevSecOps). When you adopt DevSecOps principals, it will ensure that governance and compliance requirements become part of the software development lifecycle from the very beginning. As a result, these safeguards protect the application and also ensure developers do not slowdown in their innovation.
Developers can view the safeguards and will be able to discern which software is effective and which ones have flaws. They can take remedial measures to fix the flaws and significantly reduce the likelihood of a breach.
While the focus today is on automated applications, organisations should not forget that their website hosting and server play a major role in keeping their network safe. Hence, they should choose their hosting provider with care. It will ensure that applications can run in a safe environment, without allowing unauthorised third parties to gain access to them.Return to blog page