Security Management Strategies for the CIOAccess "Schneier-Ranum Face-Off: Should the Government Stop Outsourcing Code Development?"
This article is part of the April 2010 issue of Combatting the new security threats of today's mobile devices
Point: Marcus Ranum Before we get started, I need to confess my biases and background: I've been a coder, project leader, VP of engineering, CTO and CEO -- I've held every job in the software task tree that exists in a software company. I'm going to make a few assertions in this column that I won't have room to back up in detail, but they're facts and you should accept them as such. Most of what we need to know for this discussion is summarized in this observation by the co-inventor of the buffer overflow, Brian Kernighan: "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." Finding security holes in software is harder than debugging. And finding a hidden security trapdoor in software would be even harder. So it follows from this assertion that if you don't know how to write code at all, you're lunchmeat if anyone, anywhere, is able to inject malicious code into your software supply. In fact, the current primary mode of software ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
ISP shutdown slows Zeus botnet
Security experts say the Zeus botnet was slowed with the shutdown of Troyak, an ISP serving a large chunk of the Zeus botnet
-
Removable storage device endpoint security and control
by Lisa Phifer, Contributor
Endpoint security and control for devices like thumb drives, SIM cards and mobile devices can no longer be ignored.
-
ISP shutdown slows Zeus botnet
-
-
Economic recovery strategies for information security professionals
Security teams will continue to focus on efficiency and alignment with business as the economy recovers
-
Technologies to thwart online banking fraud
by Jerry Silva
Today's anti-fraud technologies create gated communities for online banking.
-
Economic recovery strategies for information security professionals
-
Columns
-
Information Security Profession Takes Two Steps Backward
The information security profession took two steps backwards with the firing of Pennsylvannia's CISO because of his comments on a conference panel, which illustrates the continuing disconnect between management and information security.
-
Schneier-Ranum Face-Off: Should the Government Stop Outsourcing Code Development?
Is outsourcing code development a threat to national security? Marcus Ranum and Bruce Schneier go head-to-head on this topic.
-
Cloud computing legal issues
Lawyers have a lot of concerns about cloud computing services. Learn about cloud computing legal issues
-
Information Security Profession Takes Two Steps Backward
More Premium Content Accessible For Free
Compliance and risk modeling
E-Zine
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...
Essentials: Threat detection
E-Zine
Antivirus and intrusion prevention aren’t the threat detection stalwarts they used to be. With mobile endpoints and new attack dynamics, enterprises ...
Managing identities in hybrid worlds
E-Zine
The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based ...