Virsec, a cybersecurity company delivering a radically new approach to protect against advanced targeted attacks, today announced the industry’s broadest coverage for MITRE’s new list of the Top 25 Most Dangerous Software Errors. Based on analysis and weighted scoring of over 25,000 vulnerabilities from the NIST National Vulnerability Database (NVD), this report highlights software errors and potential attacks that developers and security professionals should be closely monitoring.
By far the most dangerous error, according to MITRE, is CWE-119, labeled “Improper Restriction of Operations within the Bounds of a Memory Buffer.” This bug allows code to read or write data outside of the buffer’s boundaries. This single risk accounted for almost 20% of the total weighted score for all the top 25.
“Memory-based attacks have become widespread, but few organizations are adequately protected against them,” said L. Barry Lyons IV, Director, Federal Risk Management KPMG. “It’s important that MITRE has highlighted these risks, while vendors like Virsec roll out coverage against these advanced threats.”
The new MITRE list highlights the most widespread and critical weaknesses that can lead to serious vulnerabilities in software. According to MITRE, “These weaknesses are often easy to find and exploit. They are dangerous because they will frequently allow adversaries to completely take over execution of software, steal data, or prevent the software from working.”
The top 10 errors, which account for almost 80% of the total weighted risk, are all related to advanced memory or web-based threats. Virsec is the only vendor that provides complete protection across the full application stack including the web, memory, and host layers. Mapping coverage to the new MITRE list, Virsec provides:
- Complete coverage for MITRE’s top 10 most dangerous errors
- Full coverage for errors that account for 94% of the total risk scores
- Coverage for 100% of the memory-based and web-based errors listed
“It’s not surprising that MITRE has found a memory-based threat to be the most dangerous. Vulnerabilities in memory are a blind spot for most enterprises, and can be exploited during runtime, bypassing conventional security tools,” said Satya Gupta, CTO of Virsec. “Our mission is to provide the most robust protection against advanced memory and web attacks, and we support MITRE shining a light on these risks.”
Based in San Jose, California, Virsec delivers innovative solutions to counter today’s advanced cyberattacks. The company is led by industry veterans who have driven one of the world’s top processor teams, and created innovative technology in network security, embedded systems and real-time memory systems. The team has broad leadership experience at companies including AMD, Cisco, Palo Alto Networks, Juniper, Dell, NextGen, BMC Software, ForcePoint, as well as a long list of high-growth startups. More information and demos are available at www.virsec.com.