-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
State Of Application Security: Nearly 60 Percent Of Apps Fail First Security Test
,----[ Quote ]
| Around 58 percent of the applications
| tested by application security testing
| service provider Veracode in the past
| year-and-a-half failed to achieve a
| successful rating in their first round of
| testing. "The degree of failure to meet
| acceptable standards on first submission
| is astounding -- and this is coming from
| folks who care enough to submit their
| software to our [application security
| testing] services," says Roger Oberg,
| senior vice president of marketing for
| Veracode. "The implication here is that
| more than half of all applications are
| susceptible to the kinds of
| vulnerabilities we saw at Heartland,
| Google, DoD, and others -- these were all
| application-layer attacks."
|
| [...]
|
| Despite the relatively gloomy picture of
| developers still missing the mark
| initially on security, there were some
| bright spots in the report: Open-source
| software isn't as risky as you'd think,
| and financial services organizations and
| government agencies tend to have more
| secure applications from the get-go; more
| than half of their apps passed as
| acceptable in the first submission to
| testing, according to Veracode's report.
`----
http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=223100875
If You Can't Beat Malware, Tunnel Through It
,----[ Quote ]
| Start-up Israeli security company Trusteer
| claims to have hit on a different tactic
| when it comes to combating financial
| malware and making activities such as
| online banking more secure.
|
| Rather than trying to eliminate every
| nasty from a user's desktop, the four
| year-old company claims its Rapport
| software establishes a secure link between
| a customer's desktop and the bank's
| systems, excluding any malware in the
| process. The approach has been greeted
| with enthusiasm by analysts with a recent
| report from Frost and Sullivan neatly
| distilling the problem and Trusteer's
| response to it.
`----
http://www.eweekeurope.co.uk/interview/trusteer-you-cant-beat-malware-so-tunnel-through-it-5571
Recent:
DoD: Open-source software more secure
,----[ Quote ]
| Daniel Risacher, Associate Director of
| Enterprise Services and Integration at the
| DoD's Office of the Chief Information Officer,
| helped write a memo requiring all DoD agencies
| to evaluate open-source software on an equal
| basis with proprietary software. The reason is
| simple, according to Risacher: Software that
| goes through a process of peer review tends to
| be more reliable and secure than software that
| has not had the same level of scrutiny.
`----
http://www.fiercegovernmentit.com/story/dod-open-source-software-more-secure/2009-11-09
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkuM0JsACgkQU4xAY3RXLo646QCfdcHwjhhlU5CVwg08b0gb+91H
+wkAoJ1fl51U7v0HCCFFwylLlF8zloFR
=kAdo
-----END PGP SIGNATURE-----