Access "Reasearch on Coding Backdoors Presents Ugly Picture"
This article is part of the May 2008 issue of Seven questions to ask before committing to SaaS
Research ups awareness on backdoors that present attackers with a cheaper means of malware distribution and system access. Intelligence agencies call it SOUP, but it's hardly comfort food. Spelled out, it's software of unknown provenance (or pedigree), and it can be any off-the-shelf app made for business, government or the military where source code access or even documentation is unavailable. Generally, it's a dish being served by the global development supply chain and the business of outsourcing applications that are developed inexpensively anywhere--especially India and Asia-Pacific. For the most part, organizations that outsource are saving plenty, doing more with less and meeting other profit margin-related corporate mandates. But once the software is delivered, is it clean code? Or has an unscrupulous developer--perhaps one working for an unfriendly nation--left a backdoor? Sounds a little hokey and conspiratorial, but former L0pht hacker and Veracode founder Chris Wysopal urges companies not to ignore the threat. Veracode's business is binary code ... Access >>>
Premium Content for Free.
SaaS Offering Handles SSO
TechFocus: New Password Hell?
- Viewpoint: Let's add policy to GRC
Product review: CodeArmor 2.2 for Microsoft .NET
by Steven Weil, Contributor
The configuration, policy control and reporting capabilities of V.i. Labs' CodeArmor 2.2 for Microsoft .NET are reviewed.
Security Services: Webroot Email Security SaaS
At Your Service
Identity Management Suites Enable Integration, Interoperability
IDENTITY MANAGEMENT Feature-rich product suites are putting a face on integration and interoperability.
- SaaS Offering Handles SSO
Secure Computing SafeWord 2008 product review
Secure Computing SafeWord 2008 delivers identity management and access control for Windows systems using tokens that generate secure single-use passcodes. Information Security magazine reviews these capabilities.
7 Security Questions to Ask Your SaaS Provider
Outsourcing software as a service (SaaS) puts control over an organization's applications in the hands of others. Learn what questions to ask your provider, how to define security policies, how to understand how service providers handle security and ensure enforcement of policies.
Product review: Symantec Database Security 3.1
5 Steps for Developing Strong Change Management Program Best Practices
Poor change control and configuration management can affect the security of your systems and networks. Follow these five steps for a strong change management program.
Product review: Mandiant Intelligent Response 1.0
- Secure Computing SafeWord 2008 product review
Interview: Jim Kirkhope of NCR
PING: Jim Kirkhope
Face-Off: Is vulnerability research ethical?
Bruce Schneier and Marcus Ranum debate the ethics of vulnerability research
Reasearch on Coding Backdoors Presents Ugly Picture
Editor's Desk: Backdoor Bedlam
Security, Privacy Offices Must Combine Resources
Perspectives: Nowhere to Hide
- Interview: Jim Kirkhope of NCR
More Premium Content Accessible For Free
FTP gets big files to colleagues and clients fast, but as the headlines remind us, the threat of electronic break-ins is real. This guide to secure ...
As tablets and smartphones become more integrated into business environments, CISOs are scrambling to put effective countermeasures in place. But too...
This Technical Guide examines the necessary elements of, and how to implement, a sound mobile device management strategy. Devices will be lost...