-
ZDI-CAN-25952: Autodesk
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2024-12-18, 17 days ago. The vendor is given until 2025-04-17 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.…
-
ZDI-CAN-25951: Autodesk
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2024-12-18, 17 days ago. The vendor is given until 2025-04-17 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.…
-
ZDI-CAN-25788: Oracle
A CVSS score 7.5 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Emad Al-Mousa’ was reported to the affected vendor on: 2024-12-18, 17 days ago. The vendor is given until 2025-04-17 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory. A CVSS score…
-
ZDI-CAN-25849: Lexmark
A CVSS score 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘nella17 (@nella17tw), working with DEVCORE Internship Program, and DEVCORE Research Team’ was reported to the affected vendor on: 2024-12-18, 17 days ago. The vendor is given until 2025-04-17 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate…
-
Preparing for Post-Quantum Cryptography: Key Takeaways from SAFECode’s Working Group
As we mentioned in a previous blog, SAFECode’s post-quantum cryptography (PQC) working group has reached a milestone. NIST has standardized its first wave of post-quantum encryption algorithms, and our working group has identified key activities that will enable our members to manage the transition to quantum-resistant cryptography and adapt to the emergence of new algorithms…
-
The PQC Algorithm FIPS are Published – Now What?
By Brian Rosenberg, RTX Corporation and Judith Furlong, Dell Technologies with Matthew Lyon, Dell Technologies; Steve Lipner, SAFECode. Introduction: We made it – this far! The U.S. National Institute of Standards and Technology (NIST) recently published the Federal Information Processing Standards (FIPS) for three post-quantum cryptography (PQC) algorithms, marking the end of the beginning of…
-
Celebrating Dedication and Innovation: Highlights from SAFECode Day 2024
Over 50 SAFECode members and industry leaders came together for a dynamic SAFECode Day 2024! The event featured exciting project updates, lively discussions, and an inspiring keynote from Anne Neuberger, Deputy Assistant to the President, who emphasized the crucial role of cybersecurity in today’s digital landscape. It was great to hear our members share their…
-
Secure by Design? The U.S. Government and Requirements for Secure Development
The last two months have seen the release of three new U.S. Government documents related to software security: The National Cybersecurity Strategy released in early March covers the landscape of cybersecurity concerns and introduces the concept of shifting the liability for insecure software products and services from consumers to suppliers. In mid-April, The Cybersecurity and…
-
Threat Modeling at Scale
According to the Threat Modeling Manifesto, Threat Modeling is an activity “for analyzing representations of a system to highlight concerns about security and privacy and if applicable, safety characteristics”. Threat modeling is a crucial activity of the secure development lifecycle (SDL) for identifying and mitigating weaknesses and potential security vulnerabilities. Threat modeling is most effective…
-
New SAFECode Member Council to Ensure Greater Industry Collaboration on Software Security
Oracle’s John Heimann and Siemens Energy’s Manuel Ifland Elected to Lead the Member Council. WAKEFIELD, Mass. – March 6, 2024 – SAFECode has announced a new Member Council to direct its industry-led efforts to advance software security practices. Chaired by John Heimann, Vice President of Security Program Management at Oracle, and Vice Chaired by Manuel…