SANS reports nearly 100 new flaws in commercial software this week; thousands more are found in custom software.

As of yesterday, the four most critical flaws affect Internet Explorer, Outlook Express, Microsoft Word, and Kodak Image Viewer, which Microsoft patches because it ships with Windows.

However, as SANS research director Alan Paller points out, there are many other Windows applications that Microsoft does not patch: Windows Update covers only Microsoft's own products. Users don't learn about flaws in those third-party applications until their machines are infected, or unless they check separately and periodically with each vendor. (Secunia's Software Inspector is a good tool for aggregating and tracking flaws across several widely used applications.)

In a plug for SANS training, Paller says big buyers of software are starting to require their suppliers and outsourcers to prove they can develop secure code.

When data breaches are costing companies as much as $1 million--in legal fees, lost productivity, downed servers and so on--requirements like these are inevitable, although I'm not sure developers are the source of the problem. I think software vendors still don't have enough incentive to produce secure code.

Tuesday, October 16, 2007 11:29 AM/EST
http://blog.baselinemag.com/security/content001/security_flaws/new_software_flaws_affect_nearly_every_windows_user.html
Posted by ivan0914 on 痞客邦 (Pixnet): I'n Blog 之萬象真藏