IS Buzz News - 3/5/18
[Ed. Note. Byline by Chris Wysopal, CTO, CA Veracode]
In response to the news of the new “Spring Break” critical remote code execution (RCE) vulnerability, which affects Pivotal Spring frameworks including Spring Boot, the world’s most popular framework for building web applications, Chris Wysopal, CTO at CA Veracode, commented below.
News of “Spring Break” – the critical remote code execution (RCE) vulnerability (CVE-2017-8046) affecting projects in Pivotal Spring frameworks including Spring Boot, the world’s most popular framework for building web applications – is another example of the continuous challenge that organisations face in maintaining the security of their applications.
The importance of reacting quickly to “Spring Break” cannot be underestimated. A similar RCE vulnerability found in Apache Struts 2 last year was the root of a recent mega-breach, which put at risk the data of 143 million Americans. Of course, mitigating the risk of even severe vulnerabilities is no mean feat – even the most severe flaws take time to fix and our own research has shown that just 14% of high severity flaws are closed within 30 days or less.