Security Group Seeks to Hold Software Vendors Accountable for Buggy Code
The SANS Institute and Mitre have assembled a group of security experts from more than 30 organizations to put pressure on software vendors to do a better job of releasing secure code.
"Nearly every attack is enabled by [programming] mistakes that provide a handhold for attackers," said Alan Paller, director of research at SANS, a security training and certification group based in Bethesda, MD. "The only way programming errors can be eradicated is by making software development organizations legally liable for the errors," he said.
Toward that end, the consortium put together a document outlining specific terms and conditions that should be included in procurement contracts to hold vendors accountable and ensure that they stick to strict security standards. Taken together, the terms would make development firms liable for defects in the software they deliver.
Image Credit: dahldreams.com
Trooper_One
February 18, 2010 at 11:53am
Sure, vendors need to do better at stomping out the bugs and security holes, but with millions of lines of code and objects interacting with each other, there are bound to be errors.
Similarly, car companies nowadays strive for safety and quality, but they cannot guarantee that they are 100% free of defects.
nekollx
February 18, 2010 at 9:47am
Yeah, not going to work. Sure, sometimes it's buggy code, but other times it's just that the hackers are better at decoding and finding vulnerabilities that only exist in some obscure range of parameters, then making those parameters work in their favor, social engineering.
------------------------------
Coming soon to Lulu.com --Tokusatsu Heroes--
Five teenagers, one alien ghost, a robot, and the fate of the world.
compro01
February 18, 2010 at 10:51am
Yes, but a lot of vulnerabilities are the result of just plain dumb mistakes, like SQL injection, buffer overflows, integer rollovers, etc.
http://www.sans.org/top25-programming-errors/
It's just plain stupid and is almost certainly the result of using your tools inappropriately or simply not knowing what you're doing.
slowpoke2
February 18, 2010 at 1:07pm
I wonder what Microsoft is going to do about this, probably kill it faster than you can say Windows.