Access "Insecure software: A never-ending saga"
This article is part of the July/August 2010 issue of Debunking myths about the advanced persistent threat (APT)
Ah, summer. Time to kick back a little and enjoy the long days and warm weather. Uh, well not so much if you're an information security professional. There's never any respite from the seemingly endless stream of new software vulnerabilities and patches to apply. Already in June, we had a bumper crop of patches from Microsoft, which coincided with a flaw in Adobe's Flash Player, Reader, and Acrobat products. Plus, attackers quickly exploited a zero-day vulnerability in the Windows XP Help and Support Center component, which was disclosed by a Google engineer (and unleashed a renewed debate over responsible disclosure, a whole other topic we won't rehash here). Of course, the bad news wasn't limited to commercial software. AT&T made headlines for all the wrong reasons with its poor Web application security that was uncovered by a small security research firm and exposed the email of thousands of iPad 3G users. The industry has preached the need for software security and secure coding for several years now. After all, if software is designed securely from the ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Security response teams grapple with cloud computing security concerns
No clear answers at conference but experts urge organizations to proceed with caution.
-
Understanding the advanced persistent threat
Think you know all you need to know about the advanced persistent threat? We'll define APT and dispel a few myths.
-
Security response teams grapple with cloud computing security concerns
-
-
Building an information security skills matrix
Your information security skills matrix – that connection between your tangible skills and personal qualities – is what separates you from your peers.
-
The pros and cons of security software-as-a-service
Security software-as-a-service can help organizations reduce security headaches but also can present challenges.
-
Building an information security skills matrix
-
Columns
-
Information security maturity model
by Chris McClean, Contributor
Use an information security maturity model to illustrate how security supports the organization.
-
Three hazards to avoid in planning a career in information security
Building a career plan just might lead security professionals headfirst into some dubious challenges.
-
Insecure software: A never-ending saga
Insecure software has been a long-standing issue in the industry. Progress on secure software development is critical.
-
Information security maturity model
by Chris McClean, Contributor
More Premium Content Accessible For Free
Next-generation firewalls play by new rules
E-Zine
Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced with ...
Developing your endpoint security management transition plan
E-Handbook
This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based ...
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...