Blunder Dome Sighting

Professor von Clueless in the Blunder Dome

Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.

Sunday, May 29, 2005

A Litany of Lists: Creating Secure Applications

Let’s have some lists and check them over and over:

ACM News Service: Security – More Than Good Programming.  The first list is based on a BZ Research survey of software development managers reported in Alan Zeichick’s 2005-05-15 SD Times article.  Here are the heavy hitters:

  • poor programming practices (apparently everyone’s favorite at 55.9% of respondents)
  • poor design and architecture
  • lack of developer security training
  • inadequate testing and quality assurance
  • insufficient management emphasis on security
  • flaws in software components and libraries (42.5%)
  • poor deployment and administrative practices (42.0%)

There were also respondents who proposed remedies, and some also cited problems of user behavior and lack of security consciousness.

The breakdown of where the problems occur, in descending order of respondents citing each, is as follows:

  • Desktop operating system (63.2%)
  • Desktop application
  • Server operating system
  • Web server
  • Web application
  • Server application
  • Database server
  • Application server
  • Web services and middleware (14.7%)

Other dimensions of the systems security picture are also explored in the full article.

ACM News Service: Collaboration Is a Necessity for a Secure Infrastructure.   This blurb begins with an auspicious assertion: “Now that IT is considered an integral part of the business, it is time for collaboration between industry users and vendors to establish best practices.”  This is being put forward at the Global CSO Council, according to Emma Nash’s 2005-05-26 Computing article.  From that perspective, promoted by Oracle’s Chief Security Officer, Mary Ann Davidson, the following remedies are among those called for:

  • Incorporation of auditing standards in commercial software, enhancing its ability to detect and report discrepancies
  • Drumming security into students while they are still learning, breeding a security-conscious next generation
  • Certification of university programs and requirement that competence at basic secure coding be demonstrated


template created 2004-06-17-20:01 -0700 (pdt) by orcmid
$$Author: Orcmid $
$$Date: 06-10-27 19:58 $
$$Revision: 3 $