Home > Security News > Software still plagued with security holes, researcher says
Security News:
EMAIL THIS

Software still plagued with security holes, researcher says

By Neil Roiter, Senior Technology Editor, Information Security magazine
30 Jun 2008 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Greg Hoglund, a noted security researcher and author who specializes in Windows rootkits and secure coding, explains why software is just as vulnerable today as it was in 1999. Hoglund is CEO of HBGary, a security risk assessment firm based in El Dorado Hills, Calif. Hoglund is a highly regarded expert on software application security and the malware used to exploit it. He created and documented the first Windows NT-based rootkit.

  Greg Hoglund on secure coding: 

  Program Links: 

  • Gary McGraw on secure software development: In this video, Gary McGraw of Cigital Inc. explains why better secure coding could help thwart future Web 2.0 attacks. He says the industry is making progress.

  • Tech vendors team up for secure software development: A new group of technology vendors, including Microsoft and Symantec, are joining together to raise awareness about the need for more secure code.

  • Report: Companies still stumped by PCI DSS: A VeriSign review of PCI Data Security Standard (PCI DSS) assessments it conducted found that more than half were still stumbling on the path to compliance.

  • Group releases Java standards for secure development: The Secure Programming Council is releasing a set of essential skills for Java developers in an effort to improve software security and educate new programmers.

  • Information Security podcasts: Visit SearchSecurity's podcast archive.



    Tags: Software Development MethodologyApplication Attacks (Buffer Overflows, Cross-Site Scripting)Malware, Viruses, Trojans and SpywareVIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



    RELATED CONTENT
    Software Development Methodology
    How to detect software tampering
    Developers Need Help with Security Errors
    Does an EULA make it truly illegal to decompile software?
    SQL injection continues to trouble firms, lead to breaches
    IBM acquires Ounce Labs for source code analysis
    Microsoft issues emergency Active Template Library updates
    Software security threats and employee awareness training
    Adobe patches ColdFusion vulnerability blocking website attack
    nCircle statistics show rising Web application vulnerabilities
    Common PCI questions: Web application firewalls or source code review?

    Application Attacks (Buffer Overflows, Cross-Site Scripting)
    Adobe warns of critical update for Reader, Acrobat 9.1.3
    9 Ways to Improve Application Security After an Incident
    Developers Need Help with Security Errors
    Buffer overflow tutorial: How to find vulnerabilities, prevent attacks
    SQL injection protection: A guide on how to prevent and stop attacks
    Experts rebuke programmers who use SQL injection as feature
    SANS: Application threats, website flaws pose biggest security threats
    Mozilla helps Adobe push out faster patches
    SSH key compromise shuts down Apache website
    IBM finds sharp spike in malicious content on trusted sites
    Application Attacks (Buffer Overflows, Cross-Site Scripting) Research

    Malware, Viruses, Trojans and Spyware
    Schneier-Ranum Face-Off: Is antivirus dead?
    Modern malware, stealthy botnets, adapt quickly, expert says
    Computer worm infections up, scareware antivirus down, Microsoft says
    Web-based attacks skyrocket, pirating sites surge, security firms say
    Mini guide: How to remove and prevent Trojans, malware and spyware
    Kaspersky system analyzes malicious URLs on Twitter for malware
    Silon malware intercepts Internet Explorer sessions, steals credentials
    Breach forces payroll service provider PayChoice to shut down again
    RSA research underscores problem tracking cybercriminals
    Conficker analysis finds P2P coding limited, less sophisticated

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    bypass  (SearchSecurity.com)
    Common Weakness Enumeration  (SearchSecurity.com)
    debugging  (SearchSoftwareQuality.com)
    fuzz testing  (SearchSecurity.com)
    heuristics  (SearchSoftwareQuality.com)
    sandbox  (SearchSecurity.com)
    threat modeling  (SearchSecurity.com)
    trigraph  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    • More Tips to Secure Your Network
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts