Impact of the GNU glibc gethostbyname Function Buffer Overflow “GHOST” Vulnerability on EMC/RSA Products

The “Ghost” vulnerability (CVE-2015-0235) in the gethostbyname functions of the GNU C Library (glibc), which is commonly found in Linux-based operating systems, affects applications calling this function. In some special instances, the successful exploitation of this vulnerability could allow an attacker to perform remote code execution on a targeted …

Reeny Sondhi January 29th, 2015

Impact of the GNU Bash ShellShock Vulnerability on EMC/RSA products

The ShellShock vulnerability (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186 & CVE-2014-7187) affects GNU Bash and could allow an unauthenticated remote attacker to inject arbitrary commands on a targeted system. Following the release of this vulnerability, we immediately initiated a review of EMC Information Infrastructure and RSA products to assess any potential impact.

Reeny Sondhi September 25th, 2014

Impact of the OpenSSL Heartbleed vulnerability on EMC products

The Heartbleed vulnerability (CVE-2014-0160) affects the popular OpenSSL cryptographic software library used to secure internet communication. Following the release of this OpenSSL vulnerability, we immediately initiated a review of EMC Information Infrastructure and RSA products to assess any potential impact.

Reeny Sondhi April 11th, 2014

DevOps & Application Security: People You Need to Know

Eric Baize, Senior Director of the Product Security Office, was recently featured in the Trusted Software Alliance’s 50 in 50 Interview Series along with other stalwarts from the DevOps & Application Security world. Eric talks about the importance of incorporating software security as part of software programming curricula at universities. …

Reeny Sondhi August 21st, 2013

Software Security at EMC: The Journey So Far

As the lead of the Product Security Assurance team at EMC, I am often asked to talk about our software security practices. While previously we have shared our practices with industry presentations, SAFECode papers, etc., I thought now is as good a time as ever to write a blog post to …

Reeny Sondhi June 25th, 2013

EMC’s Approach to Vulnerability Response

Let’s face it – real software products have security vulnerabilities! While building strong secure software development practices goes a long way towards detecting and helping to eliminate security vulnerabilities during the development process, a strong product security program also needs to be prepared to properly handle and respond to security …

Reeny Sondhi December 14th, 2012

SAFECode Releases Software Security Guidance for Agile Practitioners

In the Product Security Office, we often get questions from developers across the industry on how to apply EMC’s Security Development Lifecycle to an Agile development model. Software security practices have been traditionally considered as suitable for serial waterfall development methodologies and there has been a lot of debate in …

Reeny Sondhi July 26th, 2012