2005-05-29

 

A Litany of Lists: Creating Secure Applications

Let’s have some lists and check them over and over:

ACM News Service: Security – More Than Good Programming.  The first list is based on a BZ Research survey of software development managers reported in Alan Zeichick’s 2005-05-15 SD Times article.  Here are the heavy hitters:

  • poor programming practices (apparently everyone’s favorite at 55.9% of respondents)
  • poor design and architecture
  • lack of developer security training
  • inadequate testing and quality assurance
  • insufficient management emphasis on security
  • flaws in software components and libraries (42.5%)
  • poor deployment and administrative practices (42.0%)

There were also respondents who proposed remedies, and some also cited problems of user behavior and lack of security consciousness.

The breakdown of where the problems occur, in declining order of frequency, is as follows:

  • Desktop operating system (63.2%)
  • Desktop application
  • Server operating system
  • Web server
  • Web application
  • Server application
  • Database server
  • Application server
  • Web services and middleware (14.7%)

Other dimensions of the systems security picture are also explored in the full article.

ACM News Service: Collaboration Is a Necessity for a Secure Infrastructure.   This blurb begins with an auspicious assertion: “Now that IT is considered an integral part of the business, it is time for collaboration between industry users and vendors to establish best practices.”  This is being put forward at the Global CSO Council, according to Emma Nash’s 2005-05-26 Computing article.  From that perspective, promoted by Oracle’s Chief Security Officer, Mary Ann Davidson, the following remedies are among those called for:

  • Incorporation of auditing standards in commercial software, enhancing its ability to detect and report discrepancies
  • Drumming security into students while they are still learning, breeding a security-conscious next generation
  • Certification of university programs and a requirement that competence at basic secure coding be demonstrated

 
Construction Structure (Hard Hat Area) You are navigating Orcmid's Lair.

template created 2004-06-17-20:01 -0700 (pdt) by orcmid
$$Author: Orcmid $
$$Date: 10-04-30 22:33 $
$$Revision: 21 $