Impact of the GNU glibc gethostbyname Function Buffer Overflow “GHOST” Vulnerability on EMC/RSA Products

The “Ghost” vulnerability (CVE-2015-0235) in the gethostbyname functions of the GNU C Library (glibc), which is commonly found in Linux-based operating systems, affects applications calling this function. In some special instances, the successful exploitation of this vulnerability could allow an attacker to perform remote code execution on …

Reeny Sondhi January 29th, 2015

Impact of the GNU Bash ShellShock Vulnerability on EMC/RSA products

The ShellShock vulnerability (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186 & CVE-2014-7187) affects GNU Bash and could allow an unauthenticated remote attacker to inject arbitrary commands on a targeted system. Following the release of this vulnerability, we immediately initiated a review of EMC Information Infrastructure and RSA products to assess any potential …

Reeny Sondhi September 25th, 2014

Impact of the OpenSSL Heartbleed vulnerability on EMC products

The Heartbleed vulnerability (CVE-2014-0160) affects the popular OpenSSL cryptographic software library used to secure internet communication. Following the release of this OpenSSL vulnerability, we immediately initiated a review of EMC Information Infrastructure and RSA products to assess any potential impact.

Reeny Sondhi April 11th, 2014

DevOps & Application Security: People You Need to Know

Eric Baize, Senior Director of the Product Security Office, was recently featured in the Trusted Software Alliance’s 50 in 50 Interview Series along with other stalwarts from the DevOps & Application Security world. Eric talks about the importance of incorporating software security as part of software programming curricula …

Reeny Sondhi August 21st, 2013

Software Security at EMC: The Journey So Far

As the lead of the Product Security Assurance team at EMC, I am often asked to talk about our software security practices. While previously we have shared our practices with industry presentations, SAFECode papers, etc., I thought now is as good a time as ever to write a blog …

Reeny Sondhi June 25th, 2013

EMC’s Approach to Vulnerability Response

Let’s face it – real software products have security vulnerabilities! While building strong secure software development practices goes a long way towards detecting and helping to eliminate security vulnerabilities during the development process, a strong product security program also needs to be prepared to properly handle and respond …

Reeny Sondhi December 14th, 2012