    The Importance of Transparency: Finding the Balance Between Security and Visibility

    By Tony Bradley on June 21, 2021 Asset Management, Intel, Security Awareness

    Vulnerabilities are a simple fact of life. The goal for vendors and organizations is not to strive to create perfect hardware or software that has no vulnerabilities—there is no such thing. What’s important is ensuring that relevant details and context are shared so there is awareness of any flaws and an opportunity to address or mitigate security concerns. A paper from IDC—“Silicon as Code, the Cybersecurity Vulnerability Paradox, and the Transparency Requirements for a 21st Century Processor Vendor”—takes a closer look at supply chain risk and the importance of transparency.

    Why does transparency matter? Organizations need to have visibility and context for the vulnerabilities that exist in the hardware and software they use so they can protect them effectively. It is also important for establishing and maintaining trust between security researchers and vendors, as well as between vendors and customers.

    The IDC white paper is sponsored by Intel, which also published its own report on the subject—“The Role of Transparency and Security Assurance in Driving Technology Decision-Making”—earlier this year. Intel is no stranger to the value of transparency and the need for Coordinated Vulnerability Disclosure to ensure that balance is maintained between visibility and security. Information needs to be clearly communicated in a timely manner, but disclosing information publicly too soon actually increases risk.

    Rising Rate of CVEs

    According to the IDC research, more vulnerabilities have been discovered and identified in the last five years than in the prior 16. 2020 saw a decline in total Common Vulnerabilities and Exposures (CVEs), but that may in part be related to global lockdown efforts in response to the COVID-19 pandemic. There is no reason to assume that rate will not go back up and continue to accelerate as nations get vaccinated and businesses open up and return to normal.

    The report also reveals that a typical system reaching end of life today will have seen the disclosure of more than 130,000 CVEs affecting it. The combination of longer PC refresh cycles and dramatically accelerating rates of CVEs disclosed indicates that this number will likely continue to rise.

    Shared Responsibility Model

    It is important for processor platform vendors, system providers, and the customers that use the systems to all cooperate for the most effective protection against vulnerabilities. It is a shared responsibility model where each plays an important role.

    1. Patch creation — processor platform vendor’s responsibility
    2. Availability/distribution of patch — system provider’s responsibility
    3. Application of the patch — system operator’s responsibility


    The author of the paper, Frank Dickson, program vice president, Security & Trust at IDC, explains, “Vulnerabilities and their known/unknown status create a cybersecurity paradox. Protecting IT architectures from unknown vulnerabilities is challenging, requiring sophisticated expertise and large resources. Protecting IT architectures from known vulnerabilities is typically more straightforward; the application of a patch is generally considered the greatest return in security.”

    Dickson added, “Proactively sharing internal and external research, developer guidance and mitigation methods to ease the system operator’s burden is as critical as enabling application of the patch. Keys to creating system trust are visibility and transparency.”

    Dickson sums up the paper with, “Vulnerabilities are not malignant by default; they are simply an uncomfortable reality to be addressed. Vulnerabilities don’t become malignant until they are maliciously and nefariously exploited. Persistent and aggressive patching can help prevent exploitation and encourages profit-maximizing cybermiscreants to attack other targets.”

    The most important takeaway from the paper in my opinion is that the more we proactively share research and relevant information, the better it is for everyone. Transparency and trust are key.
