If you were too busy enjoying your Labor Day festivities, you might have missed the news of several famous celebrities having their iCloud photostream hacked and dozens of compromising photos suddenly appearing on the web. It’s a scary story, and one that sparked a national conversation about how secure your data really is on the cloud, and how far organizations like Apple should go to protect that data.
However, there is a scarier hacker story out there, and one that most major news outlets haven’t covered with much concern, or glossed over completely in a single news cycle. Don’t get me wrong, having one’s personal photos taken without permission and pasted on the web is illegal and a breach of personal privacy. On the other hand, imagine a hack like that but instead of celebrities’ iPhones, substitute 70 percent of the largest financial services and retail organizations in the world. And instead of their nude photos, substitute the personal financial data of all their customers, including you.
That was just one of the findings announced in our ongoing research on application software health, which discovered a staggering number of industries with applications still vulnerable to Heartbleed-style attacks. The research also confirmed a direct link between poor code quality and the growing number of data breaches and security incidents.
You can find some of the announcement coverage below:
- Dark Reading – “Backoff, Dairy Queen, UPS & Retail’s Growing PoS Security Problem”
- The Register – “Banking apps: Handy, can grab all your money … and RIDDLED with coding flaws”
- Real Business – “7 out of 10 retail and finance apps vulnerable to attack, warns report”
- Computer Weekly – “Finance and retail applications most vulnerable to breaches”
- Information Age – “Seven out of ten retail and finance applications vulnerable to Heartbleed-style attacks”
- Cyber Parse – “Finance and retail applications most vulnerable to breaches”
- The C Suite UK – “70% of Retail and Finance Apps Vulnerable to Heartbleed-Styled Attacks”
- MicroScope – “Majority of retail and financial software is vulnerable to attack”
If you want to read even more findings from our ongoing research, you can register to receive a copy of the executive summary when it’s published at the end of September.
Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services.
Erik describes the changing landscape of M & A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the targetâ€™s systems, customized quality metrics, and liability implications of open source components - all three that are critical for an M&A due diligence.