Are attacks shifting from the operating system to the application stack?
On the defensive side, what it comes down to is that the knowledge about secure coding practices really has to move from the people who write the OS to the application people. Operating system people were the first ones to be concerned about security, because they were the first ones to be hit by the problem in the past. Next were the server [application] people. Is Microsoft doing a better job of enabling application security? I do see it recently with developer tools that really seem to take security more into account than they used to. If you look at the .NET platform-which of course is a big target out there, with all of the applications being written in .NET and network accessible in nature-these days a package like .NET includes a lot of tools for developers to make it easy to write secure code. In the past the packages to make the language work really left it up to the developers. Here’s a language, use it. But they really didn’t give you a lot of tools to write secure code. One
Related Questions
- When a user executes a virtual application using App-V, what are the licensing requirements for the application and the operating system?
- Will FusionVM perform buffer overflows/denial of service attacks against my network application?
- When running a continuous duty application, must stack components always be cooled?
