When I was young, we had toy bricks made of cardboard that were great for tiny hands. They were lightweight and easy to stack, and we created many walls, forts, and towers. As wonderful as these were, they would do little to protect against an attacking army. For that, we’d need strong material and sound construction for defense. Quarried stone and stout mortar were excellent for those medieval castles and physical ramparts, but the arrows being shot at modern enterprises come in the form of network packets from attackers around the world. How do you build a technological wall to protect against these missiles? With strong “bricks” (or libraries and code), of course!
Like a castle, the enterprise isn’t just a wall surrounded by a large, empty space; it’s a complex building made of many parts and rooms. Every piece of hardware and software in an organization can make it stronger and more efficient or be the weak spot that’s exploited by malicious actors. At Fortra, we believe that our software should make your enterprise more resilient and increase the safety of your operations. As a part of your business-critical operations, GoAnywhere MFT secure file transfer strives to be a strong brick in your defenses and continues to get stronger with every release.
Making Strong Bricks: The Secure Development Lifecycle
Materials matter when making a brick. It needs to be strong, weather-proof, and resilient. Materials matter in software as well. Modern software is not just first-party source code, but also third-party libraries, both open-source and commercial. Ensuring the materials that go into the software are safe and strong is an important part of development.
The libraries need to be high-quality and safe to begin with, so it’s critical to choose libraries that meet development needs and are well-crafted. For open-source libraries, software engineers can inspect the code to see whether it conforms to known standards and patterns for the language. There are also reputational checks that are more subjective, e.g. whether the library comes from a well-known source (an organization or a person) and is actively maintained. However, even high-quality libraries can have flaws, so it’s important to detect and correct them as soon as possible. The flaws of most concern are security vulnerabilities, but libraries, like any software, also receive regular patches that fix bugs, improve efficiency, and sometimes add features, and staying current on those keeps the library safe as well.
The other component that makes up software is the first-party source code written by the product’s engineers. This code needs to be well-written, tested, and built to be safe, functional, and well-performing. Creating strong, safe software requires the two components – third-party libraries and first-party source code – to be solid.
How Fortra Helps Build Solid Software
Fortra’s GoAnywhere MFT is made of both third-party libraries and first-party source code. The entire process of building software is outside the scope of this post, but there are a few key processes that I want to highlight that help make the GoAnywhere file transfer solution a strong brick in your enterprise wall.
Software Composition Analysis (SCA)
To continuously evaluate the third-party libraries (open-source and commercial) included in our software, Fortra employs a software composition analysis tool. The tool inventories all the included libraries, matches them against known vulnerabilities, and notifies the developers of any matches it finds. Each vulnerability is triaged by severity and evaluated for exploitability in the product (a vulnerable library does not necessarily make a vulnerable product if the affected code path is never reached). High and critical vulnerabilities that are potentially exploitable result in a patch update, typically within 30 days of our becoming aware of the issue. Lower-severity vulnerabilities are generally remediated in the next major point release.
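To make the SCA workflow concrete, here is a toy version of it in Python. It is an added illustration, not Fortra's tooling; all library names, versions, advisory IDs, severities and exploitability verdicts in it are constructed for the example. It shows the three steps the paragraph describes: inventory the dependencies, match them against advisories by version range, then assign each finding to a remediation track based on severity and the exploitability review.

```python
"""Toy software composition analysis (SCA) triage.

Added illustrative example; it is not Fortra's SCA tooling. All library
names, versions, advisory IDs, severities and the exploitability verdicts
below are constructed for the example.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
PATCH_SLA_DAYS = 30   # policy in the post: high/critical and exploitable -> patch within ~30 days


def parse_version(v: str) -> tuple:
    """'1.10.3' -> (1, 10, 3). Numeric comparison matters: as strings,
    '1.10.3' < '1.9.0', which would produce wrong matches. Assumes plain
    dotted-numeric versions; real tools handle each ecosystem's scheme."""
    return tuple(int(p) for p in v.split("."))


@dataclass(frozen=True)
class Advisory:
    adv_id: str
    library: str
    introduced: str   # first affected version (inclusive)
    fixed: str        # first fixed version (exclusive)
    severity: str     # key of SEVERITY_RANK


@dataclass(frozen=True)
class Finding:
    adv_id: str
    library: str
    version: str
    severity: str
    exploitable: bool
    action: str
    due: Optional[date]


def is_affected(version: str, adv: Advisory) -> bool:
    v = parse_version(version)
    return parse_version(adv.introduced) <= v < parse_version(adv.fixed)


def triage(dependencies, advisories, exploitable, found_on):
    """Match each advisory against the dependency inventory, then assign the
    remediation track. `exploitable` holds the outcome of the exploitability
    review (is the vulnerable code path reachable in the product?); an
    advisory with no verdict yet is treated as exploitable."""
    findings = []
    for adv in advisories:
        version = dependencies.get(adv.library)
        if version is None or not is_affected(version, adv):
            continue
        expl = exploitable.get(adv.adv_id, True)
        if expl and SEVERITY_RANK[adv.severity] >= SEVERITY_RANK["high"]:
            action, due = "patch update", found_on + timedelta(days=PATCH_SLA_DAYS)
        else:
            action, due = "next point release", None
        findings.append(Finding(adv.adv_id, adv.library, version, adv.severity, expl, action, due))
    # Most urgent first: highest severity, and exploitable before not exploitable
    findings.sort(key=lambda f: (-SEVERITY_RANK[f.severity], not f.exploitable))
    return findings


# Constructed sample data (hypothetical libraries and advisories)
DEPENDENCIES = {"example-json": "2.9.0", "example-xml": "1.10.3", "example-crypto": "3.0.1"}
ADVISORIES = [
    Advisory("ADV-0001", "example-json", "2.0.0", "2.9.4", "critical"),
    Advisory("ADV-0002", "example-xml", "1.2.0", "1.9.0", "high"),      # we already run a fixed version
    Advisory("ADV-0003", "example-xml", "1.10.0", "1.10.5", "medium"),
    Advisory("ADV-0004", "example-crypto", "3.0.0", "3.0.2", "high"),   # reviewed: code path not reachable
]
EXPLOITABLE = {"ADV-0001": True, "ADV-0003": True, "ADV-0004": False}


def run_example():
    return triage(DEPENDENCIES, ADVISORIES, EXPLOITABLE, date(2024, 1, 1))


if __name__ == "__main__":
    for f in run_example():
        print(f"{f.adv_id} {f.library} {f.version} {f.severity:8} "
              f"exploitable={f.exploitable} -> {f.action} {f.due or ''}")
```

Two details are worth noting. ADV-0002 is not reported because the version comparison is numeric; a naive string comparison would wrongly flag 1.10.3 as older than 1.9.0. ADV-0004 is high severity but lands on the slower track because the exploitability review found the vulnerable code path unreachable, which is exactly why the severity score alone does not decide the response.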
Static Application Security Testing (SAST)
For first-party code, much of the work is manual: engineers write, review, and test code. Automation is also employed to ensure quality delivery, and on the security side, static analysis (examining the source code without running it) is performed to find common issue patterns that arise in code. Static analysis happens both in real time, in the tools developers use to write the code, and in the source-code repository after that code is checked in. Scan results are reviewed for accuracy, since static analysis also reports false positives, and confirmed problems are corrected before any code ships to customers.
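As an added illustration of what a static analysis pass does (this is a toy Python checker, not Fortra's scanner or rule set, and the scanned snippet is constructed), the checker below walks a parsed syntax tree and flags three common issue patterns: a string literal assigned to a credential-looking name, a call to `eval`/`exec`, and a subprocess call with `shell=True`. The sample deliberately includes one false positive so that the review step the paragraph mentions has something to do.

```python
"""Toy SAST check built on Python's ast module.

Added illustrative example, not Fortra's tooling. The rules, names and the
scanned sample source are constructed for the example.
"""
import ast
from dataclasses import dataclass

SECRET_NAMES = ("password", "passwd", "secret", "token", "api_key")
DANGEROUS_CALLS = {"eval", "exec"}
SUBPROCESS_FUNCS = {"run", "call", "check_output", "Popen"}


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    detail: str   # the identifier that triggered the rule


class _Visitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def visit_Assign(self, node):
        # Rule 1: non-empty string literal assigned to a credential-looking name
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for target in node.targets:
                if isinstance(target, ast.Name) and any(k in target.id.lower() for k in SECRET_NAMES):
                    self.findings.append(Finding("hardcoded-secret", node.lineno, target.id))
        self.generic_visit(node)

    def visit_Call(self, node):
        func = node.func
        # Rule 2: eval/exec on (potentially) untrusted input
        if isinstance(func, ast.Name) and func.id in DANGEROUS_CALLS:
            self.findings.append(Finding("dangerous-call", node.lineno, func.id))
        # Rule 3: subprocess.<func>(..., shell=True) lets the command string reach a shell
        if isinstance(func, ast.Attribute) and func.attr in SUBPROCESS_FUNCS:
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self.findings.append(Finding("shell-injection-risk", node.lineno, func.attr))
        self.generic_visit(node)


def scan_source(source: str):
    """Parse `source` and return findings ordered by line number."""
    visitor = _Visitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f.line)


def apply_review(findings, false_positives):
    """Drop findings a reviewer has classified as false positives, keyed by (rule, detail)."""
    return [f for f in findings if (f.rule, f.detail) not in false_positives]


# Constructed sample source to scan (line numbers are what the findings report)
SAMPLE = '''\
import os, subprocess
DB_PASSWORD = "constructed-example-password"  # true positive: credential in source
PASSWORD_FIELD = "password"                   # false positive: a field name, not a secret
token = os.environ.get("API_TOKEN")           # not flagged: no literal value
def run(cmd):
    return subprocess.run(cmd, shell=True)    # flagged: caller-supplied cmd reaches a shell
def calc(expr):
    return eval(expr)                         # flagged: eval on caller-supplied input
'''

# Outcome of the manual review of the scan (constructed)
REVIEWED_FALSE_POSITIVES = {("hardcoded-secret", "PASSWORD_FIELD")}

if __name__ == "__main__":
    for f in apply_review(scan_source(SAMPLE), REVIEWED_FALSE_POSITIVES):
        print(f"line {f.line}: {f.rule} ({f.detail})")
```

The `PASSWORD_FIELD` hit shows why scan results are reviewed rather than acted on blindly: the rule matches on the variable name, and a string that merely names a field looks the same to it as a credential. The `token` line shows the opposite side, where a value read from the environment at runtime is correctly left alone.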
Strong Software Makes Fortra Your Cybersecurity Ally
Like bricks in the castle wall, software in your enterprise needs to be strong to resist attacks from bad actors. In this post, I’ve focused on two techniques Fortra uses to make our software part of a safe, strong enterprise. There are several other processes Fortra employs that go into securing our software such as internal and third-party application testing and regular vulnerability scans. As your cybersecurity ally, Fortra’s mission is to add strength to your enterprise and help meet your cybersecurity needs.
See GoAnywhere MFT in Action for Secure File Transfers
GoAnywhere is a leading file transfer solution that undergoes the recommended and rigorous industry analysis and testing to help make it a secure, efficient part of an organization’s data exchange process. To see how secure and efficient the solution can be, schedule a live demonstration.