In the ever-evolving landscape of cybersecurity, Common Vulnerabilities and Exposures (CVEs) are publicly disclosed security flaws that pose a significant risk to software systems. These vulnerabilities, if left unchecked, can be exploited by malicious actors. Developers, therefore, play a critical role in defending their code against known CVEs, ensuring secure software development from the very first commit. The article “Defending Your Commits from Known CVEs” explores a tool that developers can use to safeguard their work, integrating security seamlessly into the development lifecycle. This blog post reflects on the key insights from the resource, what I’ve learned, and how I plan to apply these practices in my future as a software professional.
The article emphasizes the prevalence of open-source components in modern projects and warns about how these components can add vulnerabilities to your project. This article particularly stresses the use of the tool GitGuardian Software Composition Analysis to catch CVEs before they are added in a commit. GitGuardian SCA is a vulnerability scanner made by Hacker News to catch risks early.
I selected this article because it connects directly to our course discussions on open-source development and using Git. Understanding how to mitigate CVE risks is essential in order for us to be modern developers, and this article provides a useful tool to help us reach this goal. It also touches on the use of open-source software.
From this article I learned that the open-source movement has a profound place in current development. It blows my mind that 96% of current projects have open-source components and that anywhere from 70% to 90% of any given modern software is open-source components. I don’t know if I should be happy that the world is working together so much or sad that apparently a lot of software development is not as much coding as I initially thought. It also explained how you can automate the tool’s use with Git hooks, which was a new resource that I was introduced to. It allows the developer to automatically trigger actions at different points of Git’s execution.
Going forward I will be much more vigilant in using any piece of open-source software since apparently a large number of those projects could be using CVEs. I will also try to expand this vigilance to the rest of any future teams I am a part of. I will probably also look into making my own tools to integrate with Git hooks.
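The Git-hook automation described above, as an added example that is not from this post, the Hacker News article, or GitGuardian: a POSIX `pre-commit` hook that runs a Software Composition Analysis scan only when the commit touches a dependency manifest, and blocks the commit when the scan fails. The scanner is invoked through an environment variable `SCA_SCAN_CMD`, which is an assumption of this example (any command that exits non-zero when a known CVE is found), not a real GitGuardian or Git setting; the manifest list is a constructed starting point to extend for your own stack.

```shell
#!/bin/sh
# Added example pre-commit hook: scan dependency changes for known CVEs
# before they land in a commit. Not the article's or GitGuardian's code.
# Install: copy to .git/hooks/pre-commit and make it executable.

# Files that declare or lock third-party dependencies (constructed list;
# extend it for the ecosystems your project uses).
MANIFEST_PATTERN='(^|/)(package\.json|package-lock\.json|yarn\.lock|requirements\.txt|Pipfile\.lock|poetry\.lock|go\.mod|go\.sum|Cargo\.lock|pom\.xml|Gemfile\.lock)$'

# select_manifests: read a newline-separated file list on stdin and print
# only the dependency manifests. Exits 0 even when nothing matches.
select_manifests() {
    grep -E "$MANIFEST_PATTERN" || true
}

# needs_scan: succeeds (exit 0) when the file list on stdin has a manifest.
needs_scan() {
    [ -n "$(select_manifests)" ]
}

# staged_files: paths added or modified in the index for this commit.
staged_files() {
    git diff --cached --name-only --diff-filter=AM
}

# run_sca_scan: invoke the scanner. SCA_SCAN_CMD is an assumption of this
# example: a shell command line that exits non-zero when a known CVE is
# found. A missing scanner fails closed rather than silently passing.
run_sca_scan() {
    if [ -z "$SCA_SCAN_CMD" ]; then
        echo "pre-commit: SCA_SCAN_CMD is not set; refusing to commit unscanned dependency changes" >&2
        return 1
    fi
    sh -c "$SCA_SCAN_CMD"
}

# hook_main: the decision Git executes before the commit is recorded.
hook_main() {
    if staged_files | needs_scan; then
        echo "pre-commit: dependency manifest changed, running SCA scan" >&2
        run_sca_scan || {
            echo "pre-commit: scan failed or reported known CVEs; commit blocked" >&2
            exit 1
        }
    fi
    exit 0
}

# Run the hook logic only when Git invokes this file as the pre-commit hook.
case "$0" in
    */pre-commit) hook_main ;;
esac
```

Two design points worth noting: the hook fails closed when no scanner is configured, because a hook that quietly passes when the tool is missing gives a false sense of safety; and it scans only when a manifest is staged, which keeps ordinary commits fast enough that developers will not be tempted to bypass it with `--no-verify`.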
Link to the article:
https://thehackernews.com/2024/05/defending-your-commits-from-known-cves.html
From the blog CS@Worcester – Coder's First Steps by amoulton2 and used with permission of the author. All other rights reserved by the author.