Tue, 13 Jan 2009

NSA helps name most dangerous programming mistakes
Top 25 list gives developers a minimum set of coding errors that must be eradicated
A group of more than 30 computer organisations has taken what some are calling a big step toward making software more secure.
Led by experts from the US National Security Agency, the Department of Homeland Security, Microsoft and Symantec, the group published on Monday a blueprint outlining the most dangerous software programming errors.
The list represents the first time the industry has reached consensus on the worst things that can happen when software is being written.
“The top 25 list gives developers a minimum set of coding errors that must be eradicated before software is used by customers,” said Chris Wysopal, chief technology officer with Veracode, in a prepared statement.
More than just a list, however, the document could be used as a negotiating tool between buyers and software vendors, said Alan Paller, director of research with the SANS Institute, a security training group that spearheaded the work.
In fact, New York state is now developing procurement documents that could be used by state agencies to make their vendors certify that their code contains none of these programming errors.
Ultimately that will make the vendor, not the state, responsible when buggy software leads to a security problem, Paller said. “When the software is found to be flawed … all of the economic liability shifts to them.”
Paller expects that this kind of certification, virtually unknown today, will become more common now that such a large part of the industry has agreed on what programming errors are most dangerous.
But he expects it to be used in large custom-coding contracts rather than in the software licensing agreements used for widely distributed software such as Microsoft Windows.
The flaws include things such as allowing for SQL injection or cross-site scripting attacks, sending sensitive information in clear text, which can be easily read, and hard-coding security passwords into programs, where they’re hard to change if discovered.
Two of these bugs led to more than 1.5 million Web site breaches last year, SANS said. And that was just the start: Often, these Web breaches were used by online attackers to then launch more attacks against people who surfed the hacked sites.
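Two of the flaw classes the article names, SQL injection and cross-site scripting, come down to the same root mistake: untrusted input is spliced directly into a query or a page instead of being kept separate from it. The added example below is not from the article or from the Top 25 document; it uses a constructed in-memory SQLite table and constructed inputs to show the vulnerable pattern next to its fixed form for each flaw, so a developer can see what a "must be eradicated" error looks like in code and how the fix differs.

```python
import html
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Create a constructed in-memory user table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """SQL injection: the caller-supplied name becomes part of the SQL text,
    so a quote character in the input changes the query's structure."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Fixed form: a parameterised query keeps the input as data. Whatever the
    string contains, it can only ever be compared against the name column."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_comment_vulnerable(comment: str) -> str:
    """Cross-site scripting: user text is emitted into HTML unchanged, so any
    markup in it is interpreted by the browser as part of the page."""
    return "<p>" + comment + "</p>"


def render_comment_safe(comment: str) -> str:
    """Fixed form: output encoding turns <, >, &, and quotes into entities, so
    the browser renders the text literally instead of parsing it as markup."""
    return "<p>" + html.escape(comment, quote=True) + "</p>"


if __name__ == "__main__":
    db = build_demo_db()
    # Constructed input: a quote closes the string and adds an always-true clause.
    crafted = "x' OR '1'='1"
    print("vulnerable lookup rows:", len(find_user_vulnerable(db, crafted)))  # 3
    print("safe lookup rows:     ", len(find_user_safe(db, crafted)))        # 0
    print(render_comment_safe("<b>hi</b>"))  # <p>&lt;b&gt;hi&lt;/b&gt;</p>
```

The point the two pairs share: the fix is never to try to "clean" the input by guessing at dangerous characters, but to use the mechanism (query parameters, output encoding) that keeps data and code on separate tracks regardless of what the input contains.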
Permalink: http://www.macworld.co.uk/business/news/index.cfm?newsid=24378
Comments received
Michael said on Tue, 13 Jan 2009
Microsoft: The fox guarding the hen house.