What in today’s tech environment makes below the operating system vulnerabilities a risk worth worrying about?
CISO in Software, 51 - 200 employees
I think where this gets extraordinarily interesting is in the Azure/GCP/AWS environments. That has a material impact on me. And I think all of us in some way, shape or form are in the cloud, whether we want to be or not. That's what we do. We are SaaS. And if AWS comes out tomorrow and says, "Hey, there's a kernel level, firmware level issue on every service that we have. And we don't know how long it's been going on and we're not sure what information has been leaked.. that would be Spectre/Meltdown on steroids, right? That's going to be a bad day, it’s not going to be fun. That's that vertical risk, it's not sprawling so much left to right as it is up and down, because we are so ingrained in GCP and AWS and Azure. If those services go down, our services go down.Board Member, Advisor, Executive Coach in Software, Self-employed
Yeah. And you can take the same thing for the internet, whether it be Charter SpectrumSptig, AT&T, whatever, because you go “there's the compute stack that's in the cloud. If that goes down your service is dead.” But there's also the connection between you and your customer, and between the data center and the customer stuff that is internet controlled. So you have the same thing, even with the telcos. That would be the equivalent of an AWS or an Azure Richter 10 level issue.
Board Member, Advisor, Executive Coach in Software, Self-employed
There's certainly been an uptick in the vulnerability research and discovery of vulnerabilities in below the operating system areas. It was a relatively obscure research area even 10 years ago, other than for nation state actors, but in the broad public community that has been growing. And even in the past year or so multiple substantial vulnerabilities, not only in IOT devices, but PCs and servers, and even the cloud infrastructure have been found. There was a report several weeks ago by Steve Mancini, who's at a company that focuses on below the operating system security issues. He's not only the CISO, but he runs the threat and intelligence team. They published a report on the malware trick bot and it doing discovery and the potential for it to play with things in the firmware. And there's been other discoveries in the UEFI area of vulnerabilities. You're even seeing more security companies now, startups starting to focus in that area because the real threat researchers, the real hardcore hardware security folks are seeing the threats because they've been working them in the companies that they've supported in the hardware ecosystem, but they don't see that the market has been addressing it well enough. So they're going and creating their own startups to try and get better security development, life cycle, better detection and mitigation of maliciousness and stuff.
CIO in Education, 201 - 500 employees
As more and more is connected/integrated, there are no true ‘safe spaces’ from risk and vulnerability anymore. If there’s a gap, it’ll be found.Content you might like
Structured Business Data62%
Unstructured Business Data37%
532 PARTICIPANTS
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.ISSO and Director of the IRU in Healthcare and Biotech, 10,001+ employees
I would definitely suggest this based of how you categorize your types of data/systems and information being stored in certain parts of your data center. I think it’s really dependent on the size of your organization and ...read moreFraud mitigation19%
Protection of reputation and brand56%
Protection of consumer data19%
Regulatory or compliance requirements6%
176 PARTICIPANTS
Yeah. It's interesting when you mention the attack surface. You've got the equivalent of urban sprawl this way. With more devices, more applications, more virtualization and stuff like that. And then we have the equivalent of the depth from the GUI, as it starts walking its way down into the layers of Silicon. Which again, when you go within those, those are also widening. So you have everything kind of going deeper and everything getting wider. And then you're proliferating more devices that have both deeper stacks that are now potentially vulnerable and a wider variety of them in different parts of the world. So it becomes this multi-dimensional attack surface growth.