software architects Archives

K02: Supply Chain Vulnerabilities – A Comprehensive Guide for Software Developers and Architects

26 April 2025 by Krishna

The modern digital landscape is increasingly dependent on complex software supply chains, making them a prime target for cyber threats. Supply chain vulnerabilities in software development can have far-reaching consequences, from data breaches to full-scale operational disruptions. Software developers and architects must understand these risks to design resilient systems and mitigate potential threats proactively.
This blog post will provide a deep dive into supply chain vulnerabilities, covering their origins, real-world examples, risk mitigation strategies, and best practices for securing software ecosystems.

2024 CWE Top 25 Most Dangerous Software Weaknesses: Integer Overflow or Wraparound (CWE-190)

28 March 2025 by Krishna

Integer Overflow occurs when an arithmetic operation attempts to create a numeric value that exceeds the maximum limit of the data type used to store it. Similarly, Integer Wraparound happens when the numeric value “wraps around”, cycling back to the minimum limit.

2024 CWE Top 25 Most Dangerous Software Weaknesses: Use of Hard-coded Credentials (CWE-798)

27 March 2025 by Krishna

Hard-coded credentials refer to embedding authentication information such as usernames, passwords, API keys, or cryptographic keys directly into the source code. Developers might do this for convenience, testing, or quick deployment. However, these credentials often remain in production, creating vulnerabilities.

Understanding CWE-476: NULL Pointer Dereference

26 March 2025 by Krishna

In software development, a NULL pointer is a pointer variable that does not reference any valid memory location. Dereferencing such a pointer—attempting to access the memory it supposedly points to—results in undefined behaviour. In many systems, this leads to crashes, data corruption, or even exploitable vulnerabilities.

2024 CWE Top 25 Most Dangerous Software Weaknesses: Exposure of Sensitive Information to an Unauthorised Actor (CWE-200)

22 March 2025 by Krishna

CWE-200 refers to a software flaw where sensitive information—such as personal data, proprietary business details, or system configurations—is unintentionally exposed to individuals or entities without proper authorisation. This weakness typically results from poor implementation of access controls, inadequate data masking, or flawed logic in data-handling processes.