News, ideas, and perspectives on security, safety, and privacy in
Communications, IIoT, and beyond.

An Analysis of Recent Changes to MITRE’s CWE Database

August 30, 2021
| Leslie Barthel

The ever-expanding universe of cybersecurity threats plaguing embedded systems today is  only getting more dangerous, costly, and pervasive with every year that passes.

Security Defense-in-Depth

Stopping the Most Common CWE Threats in Embedded Systems

August 17, 2021
| Leslie Barthel

 

The threat universe for embedded systems is seemingly endless. To try to make sense of it all, we turn to MITRE’s CWE database. It’s a publicly-available, community-developed list of software and hardware weaknesses. Its purpose is to serve as...

Security CoreGuard Defense-in-Depth

A Q&A on Securing Embedded Systems

August 12, 2021
| Kylee Malkiewicz

In order to make sense of the many threats plaguing embedded systems today, we turn to MITRE’s Common Weakness Enumeration (CWE) database. This database serves as a tool to help categorize the tens of thousands of common vulnerabilities and...

Security CoreGuard Defense-in-Depth

Everything You Need to Know About CWEs

July 21, 2021
| Kylee Malkiewicz

In order to understand the many potential cyberattacks that threaten you and your organization, we turn to MITRE’s Common Weakness Enumeration (CWE) database as a key first step.

Security Defense-in-Depth

How to Secure Systems with Fine-Grained Compartmentalization

June 30, 2021
| Kylee Malkiewicz

Compartmentalization is one of the seven layers in the Cybersecurity Stack. It works by separating data and software on a processor into different compartments to effectively limit the scope of damage of potential cyberattacks only to the...

Security CoreGuard Defense-in-Depth

Here's Everything You Need to Know About the Baron Samedit Bug

June 08, 2021
| Jothy Rosenberg

In January 2021, a major buffer overflow vulnerability, impacting a large chunk of the Linux ecosystem, was discovered in the sudo application by security auditing firm, Qualys. The vulnerability, known widely as “Baron Samedit,” received a CVE...

Security CoreGuard Defense-in-Depth

BadAlloc: The Latest Buffer Overflow Vulnerability Impacting the IoT

May 24, 2021
| Kylee Malkiewicz

It wasn’t too long ago that we wrote a roundup of the severe buffer overflow vulnerabilities discovered in the just the first quarter of 2021, but the all-too-common bug has made the news yet again. 

Security CoreGuard IIoT

Is Quantified Cybersecurity Assurance Possible?

May 05, 2021
| Greg Sullivan

It is often difficult to evaluate the current offerings of cybersecurity products against the needs of a particular software-intensive, safety-critical platform. One reason for this is the collection of grand but unsubstantiated claims of...

Security CoreGuard Privacy

Here's What You Need to Know About Supply Chain Attacks

April 14, 2021
| Kylee Malkiewicz

As information about the SolarWinds attack continues to come to light, a new focus is being placed on the software supply chain and the cybersecurity risks it poses. The frequency and popularity of software supply chain attacks (also known as...

Security CoreGuard Defense-in-Depth

Cybersecurity at the Edge

February 09, 2021
| Kylee Malkiewicz

Edge computing is simply the processing of data closer to the data source—instead of relying on the cloud or a centralized data center to do the computing. Edge devices compute data locally and provide an efficient means of transmitting and...

Security CoreGuard Safety Defense-in-Depth IIoT