Celebrity iCloud Hack Reinforces CAST Research Findings

If you were too busy enjoying your Labor Day festivities, you might have missed the news of several famous celebrities having their iCloud photostream hacked and dozens of compromising photos suddenly appearing on the web. It’s a scary story, and one that sparked a national conversation about how secure your data really is on the cloud, and how far organizations like Apple should go to protect that data.

However, there is a scarier hacker story out there, and one that most major news outlets haven’t covered with much concern, or glossed over completely in a single news cycle. Don’t get me wrong, having one’s personal photos taken without permission and pasted on the web is illegal and a breach of personal privacy. On the other hand, imagine a hack like that but instead of celebrities’ iPhones, substitute 70 percent of the largest financial services and retail organizations in the world. And instead of their nude photos, substitute the personal financial data of all their customers, including you.

That was just one of the findings announced in our ongoing research on application software health, which discovered a staggering number of industries with applications still vulnerable to Heartbleed-style attacks. The research also confirmed a direct link between poor code quality and the growing number of data breaches and security incidents.

You can find some of the announcement coverage below:

Dark Reading – “Backoff, Dairy Queen, UPS & Retail’s Growing PoS Security Problem”
The Register – “Banking apps: Handy, can grab all your money … and RIDDLED with coding flaws”
Real Business – “7 out of 10 retail and finance apps vulnerable to attack, warns report”
Computer Weekly – “Finance and retail applications most vulnerable to breaches”
Information Age – “Seven out of ten retail and finance applications vulnerable to Heartbleed-style attacks”
Cyber Parse – “Finance and retail applications most vulnerable to breaches”
The C Suite UK – “70% of Retail and Finance Apps Vulnerable to Heartbleed-Styled Attacks”
MicroScope – “Majority of retail and financial software is vulnerable to attack”

If you want to read even more findings from our ongoing research, you can register to receive a copy of the executive summary when it’s published at the end of September.

Filed in: CAST News Industry News Technical Debt

Â This report describes the effects of different industrial factors on structural quality. Structural quality differed across technologies with COBOL applications generally having the lowest densities of critical weaknesses, while JAVA-EE had the highest densities. While structural quality differed slightly across industry segments, there was almost no effect from whether the application was in- or outsourced, or whether it was produced on- or off-shore. Large variations in the densities in critical weaknesses across applications suggested the major factors in structural quality are more related to conditions specific to each application. CRASH Report 2020: CAST Research on the Structural Condition of Critical Applications Report

Open source is part of almost every software capability we use today. At the very least libraries, frameworks or databases that get used in mission critical IT systems. In some cases entire systems being build on top of open source foundations. Since we have been benchmarking IT software for years, we thought we would set our sights on some of the most commonly used open source software (OSS) projects. Software Intelligence Report <> Papers

Making sense of cloud transitions for financial and telecoms firms Cloud migration 2.0: shifting priorities for application modernization in 2019 Research Report

Stephanie Watkins