Security experts from more than 30 organizations recently called on enterprises to put more pressure on security vendors to ensure secure code development. The group, led by the SANS Institute and Mitre, also released draft language for use in procurement contracts between organizations and software development firms that would leave the development firms liable for software defects. “Nearly every attack is enabled by [programming] mistakes that provide a handhold for attackers,” says the SANS Institute’s Alan Paller. “The only way programming errors can be eradicated is by making software development organizations legally liable for the errors.” SANS and Mitre also released their CWE/SANS Top 25 list of the most common programming errors made by software developers. According to the list, SQL injection errors, cross-site scripting flaws, and buffer overflow weaknesses are the most common programming errors.
This entry was posted on Thursday, February 18th, 2010 at 8:10 pm and is filed under Computer Science and Engineering News.

