Can common “garden variety” hacker exploits be prevented with proper software processes?
Common hacker exploits can be fixed with good software process. Things like buffer overflows can be fixed using common code scanning. But we can’t solve the more basic software flaw problem with static analysis tools. Operations people don’t care about fixing bugs or flaws. If you were a network manager trying to fix broken software, you’d try to protect it with something like an application firewall. On the other hand, a builder will fix the broken stuff by trying to get rid of bugs. Then they will get more sophisticated and go after flaws and try to fix the software life cycle.

What are software certification organizations like the Software Engineering Institute and DOD/NSA doing to tighten quality to improve security and countermeasures?

You must have an excellent software process first. Then you must layer software security best practices on top. One security best practice is abuse cases: What happens when somebody does something wrong on purpose? People do use cases for their soft