Marcus Ranum and Gary McGraw talk about software security issues
This article is part of the April 2011 issue of Successful cloud migrations require careful planning
Marcus Ranum: Do you think the emphasis on mega-frameworks like Google Toolkit, Ruby or (insert favorite Web2.0 technology here) is going to improve the state of software security, make it worse, or be neutral? I'm really torn between writhing with discomfort at the idea of these large code-masses that are being used in lots of important places -- it's just too complicated to get it all right!

Gary McGraw: Both. The gigantic frameworks themselves can make analysis of a system that includes them a lot harder. If you think about automated static analysis for code review, the frameworks lead to a big 'whack-a-mole' game: The data flow goes in and pops back out in any number of surprising places. On the other hand, if you do the right thing from a static analysis perspective, you can sometimes pre-compute where the mole is going to pop back out and use that to your advantage. Frameworks can help with security too -- enterprises that create frameworks of their own, and apply those consistently for their developers have been having good luck. That's because the ...
What's Inside
Features
-
Application whitelisting: an extra layer of malware defense
by Eric Ogren, Contributor
Application whitelisting was hyped as an antivirus killer. Its real role is serving as an added weapon in the battle against malware.
-
Key steps for security incident response planning
by Ravila Helen White, Contributor
Security incidents are going to happen. Don't get caught flat footed.
-
Antivirus vendors go beyond signature-based antivirus
by Robert Westervelt
Security vendors are adding new capabilities into their products to keep up with the surge in malware.
-
Cloud migration requires network retooling
by David Newman
Learn what is required for cloud migration, including retooling of network design and security controls such as encryption and DLP.
Columns
-
An Internet kill switch bill wouldn't ensure security
by Paul Rohmeyer
Giving the president power to shut down the Internet would have devastating consequences.
-
Information security professionals can't waste this opportunity
by Michael S. Mimoso, Editorial Director
Grab your newfound visibility by the horns and figure out how to bring oversight and direction to cybersecurity.
-
Marcus Ranum and Gary McGraw talk about software security issues
by Marcus J. Ranum, Contributor
Marcus Ranum and Gary McGraw discuss software security issues in this new bimonthly feature where Marcus Ranum goes one on one with a fellow security industry insider.