Solution Centers

MORE

Everything Else

Virtual Conference

Virtualization: The Future is Now
June 16, 2009 - 9:30am - 6:30pm EST

Navigating Through Dynamic Times by Cisco
On demand until November 20, 2009

Ways to connect with CIO

all RSS RSS Feeds

Subscribe to All of CIO.com

Subscribe to Mobile

Subscribe to Web 2.0

Subscribe to Careers

Subscribe to ERP

CLOUD COMPUTING

Drilldowns

Beats

Cisco Charts New Paths with Eos Media Platform

TECHNOLOGY
- Infrastructure
  - Network
  - Security
  - Client
    - Desktop
    - Laptop
    - Laptop - Macbook
    - PDA
  - Server
    - Load Balancing
  - Mobile
  - Operating Systems
    - Windows
    - Windows - Vista
    - Linux
    - Mac
    - Mac - Leopard
    - Unix
    - Other
  - Data Center
  - Virtualization
- Applications
  - SaaS
  - Cloud Computing
  - ERP
  - CRM
  - BI
  - BPM
  - KM
  - SCM
  - RFID
  - Middleware/EAI
  - Portals
    - B-to-B
    - Consumer
  - Inventory Management
  - Databases
  - Document Management
  - E-Business
  - Data Warehouse
- Development
  - Open Source
  - Eclipse
  - Java
  - .NET
  - Agile
  - Web Services
- Architecture
  - SOA
  - Enterprise Architecture
LEADERSHIP

IT DRILLDOWN

Cloud Computing

NEWSLETTERS

CIO.com updates, insights and advice on technology, management and your career.

LEADERSHIP

CIO Executive Programs

The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

CIO Executive Council

A Peer-Advisory Service and Professional Association for CIOs

Mid-Market CIO Panel: Tips and Techniques for Improving Vendor Relationships

July 15, 4:00 PM - 5:00 PM U.S./Eastern (GMT-4)

We'll highlight relationship priorities and best practices identified in a Council study, and we'll interact with a CIO panel on the approaches they've used to improve strategic vendor partnerships.

Secrets of Successful Vendor Contract Negotiations for the Mid-Market

Sept. 10, 2009, 11:00 AM - 12:00 PM U.S./Eastern (GMT-4)

On this free public Council teleconference, Matthew A. Karlyn, attorney at Foley & Lardner in Boston, will share tips on negotiating tactics and new, creative contract terms to help mid-market CIOs make better deals.

Executive Competencies Assessment Tool

Assess Your Business Leadership Skills with the Council's new benchmarking tool. Rate yourself in change leadership, strategy, customer focus and more.

More / Register »

Learn more about the CIO Executive Council »

RESOURCE CENTER

buy a link »

SUBSCRIBE TO CIO

Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »

News

NSA Helps Name Most Dangerous Programming Mistakes

A group of more than 30 computer organizations has taken what some are calling a big step toward making software more secure.

Leave a comment

By Robert McMillan

January 12, 2009 — IDG News Service —

A group of more than 30 computer organizations has taken what some are calling a big step toward making software more secure.

Led by experts from the U.S. National Security Agency, the Department of Homeland Security, Microsoft and Symantec, the group plans to publish on Monday a blueprint outlining the most dangerous software programming errors.

The list represents the first time the industry has reached consensus on the worst things that can happen when software is being written.

"The top 25 list gives developers a minimum set of coding errors that must be eradicated before software is used by customers," said Chris Wysopal, chief technology officer with Veracode, in a prepared statement.

More than just a list, however, the document could be used as a negotiating tool between buyers and software vendors, said Alan Paller, director of research with the SANS Institute, a security training group that spearheaded the work.

In fact, New York state is now developing procurement documents that could be used by state agencies to make their vendors certify that their code contains none of these programming errors. Ultimately that will make the vendor, not the state, responsible when buggy software leads to a security problem, Paller said. "When the software is found to be flawed ... all of the economic liability shifts to them."

Paller expects that this kind of certification, virtually unknown today, will become more common now that such a large part of the industry has agreed on what programming errors are most dangerous. But he expects it to be used in large custom-coding contracts rather than in the software licensing agreements used for widely distributed software such as Microsoft Windows.

The flaws include things such as allowing for SQL injection or cross-site scripting attacks, sending sensitive information in clear text, which can be easily read, and hard-coding security passwords into programs, where they're hard to change if discovered. The list of errors is set to be posted here.

Two of these bugs led to more than 1.5 million Web site breaches last year, SANS said. And that was just the start: Often, these Web breaches were used by online attackers to then launch more attacks against people who surfed the hacked sites.

Copyright © 2008 IDG News Service. All rights reserved. IDG News Service is a trademark of International Data Group, Inc.

Print

Share [+]

TOOLS

Comments

LinkedIn

RELATED

WHITE PAPERS

5 Tips for Data Loss Prevention Solutions

RSA® The Security Division of EMC has identified 5 key considerations to help organizations simplify the evaluation process for selecting a DLP solution that is right for their business.

Communications Transformation Platform

The Communications Transformation Platform enables you to provide the services your customers demand - faster, cheaper and with less risk.

Global Change in the TV Industry

Capgemini and MediaXchange have captured key insight to the change across the TV industry.

Secure Training Videos to Prevent Theft

Learn how Dream Force extended their marketing reach without being constricted.

Prevent Intellectual Property Theft

Learn what the key components were in Hock International's purchasing decision.

Is Your PDF Security Software Really Secure?

Find out what security vendors might not be telling you about their products and solutions.

WEBCASTS

Managing Client Systems in the Enterprise

Keeping client systems costs under control is just one of the many initiatives IT must address when trying to manag...

IT Consolidation Made Easy

The Primary IT Initiative for Reducing Costs

Webcast with Dan Vesset: Investing in Business Analytics Technology

What exactly is business analytics and why should you care? Dan Vesset of IDC and Gaurav Verma of SAS answer this a...

Capitalize on Your SAP Content

After 18 years of partnership and over 3,000 successful customer deployments, Open Text has become SAP's premier pa...

Enterprise Cloud Computing: Ready for Primetime?

The progression toward enterprise cloud computing is happening today, as industry leaders deploy technologies that ...

Preparing Your Business Services for the Future

Would you trust your network monitoring tools enough to know when something is truly halting a business service? Wh...

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

Wall Street Beat: Tech Shares Need to Rally Friday

Korea DDOS Virus Mission Shifts to Destroying, Erasing Data

Cisco Charts New Paths with Eos Media Platform

Google Chrome OS Shows Limitations of Android

Microsoft Ties Dynamics CRM to Twitter

Facebook Attracting More Users with Gray Hair, Wrinkles

Microsoft Promises to Stymie Hackers Next Week with New Patches

Cloud Computing, Security to Drive US Gov't IT Spending

The Botnet World is a Booming World

NTIA Seeks Volunteers to Review Broadband Applications

WHITE PAPERS

Five Key Considerations for Selecting a Data Loss Prevention Solution

A Head Start: Communications Transformation Platform

Reinventing Television: The Future of TV Drama

Protecting revenue streams - securing training videos to prevent theft of information

Protecting exam textbooks and study materials from intellectual property theft

10 things you really wished you had known about PDF Security, but they didn't tell you!

Is your data center ready for virtualization? Important Power Considerations for Virtualized IT Environments

The necessary convergence of IT and Facilities - Bringing the two groups together under one unified process

The Vector Approach to Data Center Power Planning

Is your data center running out of power or cooling?

What your IT equipment needs from a UPS.

The Gartner Magic Quadrant for IT PPM Applications

Coping with the Explosion of Data in Life Sciences Research

SQL Server Consolidation

HP StorageWorks: A Bottleneck-free Infrastructure

Sustaining SOX Compliance: Best Practices to Mitigate Risk, Automate Compliance, and Reduce Costs

Keep it Clean: Maintaining the Integrity of your CMDB through Change Detection

IDC White Paper: CCM for IT Compliance and Risk Management

The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164

Configuration Assessment: Choosing the Right Solution

More White Papers »

FEATURED SPONSORS

SPONSORED LINKS

Reduce risk, gain agility. See how Progress can help your business.

Improve ROI, lower TCO and reduce energy consumption.

Introducing the new HP ProLiant G6 server family

Accenture: Outsourcing for Competitive Advantage. More...

Better spam protection with Postini for just $1/user/mo

Introducing the new HP ProLiant G6 server family

infoBOOM! - The Mid-Sized Company CIO's Exclusive Community

Accenture IT Consulting: Logical meets technological. More . . .

The Fraudster Economy Model: Operating a Business in the Underground

Payback in 9 months with CA Spectrum solutions

The Case for Investing in Business Analytics Technology. Read white paper.

Live Webinar: Applying Business Analytics. Click here to learn more

Seven Ways ITIL Can Help You in an Economic Downturn

Developing A Dynamic, Real-Time IT Infrastructure

Maximizing the Business Value of the PC Infrastructure

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Cloud Computing: Read about VMware's compelling vision & set of products

Enterprise PBX Buyer's Guide

Secondary Market Primer: Your Network at Half Price

How Interactive Viewer Reduces the Effort to Meet Visualization Requirements

Stop Application Fraud at the Source with Device Reputation

Learn about the VMware vSphere (TM) & Intel (R) Xeon (R) Processor 5500 Series

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

64-page prescriptive guide to security, compliance, and IT operations.

Get Google Enterprise Search for your business information.

Accenture IT Consulting: Enabling high performance. More...

Top Five CIO Challenges

Insight makes it easy to spend your Microsoft subsidy check.

Five minute business analytics assessment. Immediate results.

Dangerous Collaboration Practices: 5 Ways IT Can Minimize Risk

Accenture: Outsourcing for uncertain times. Click to learn more.

Keep online transactions fast with CA Wily APM

Get agile IT security with CA Security Management

Trade in your old laser printer and get up to $1000 back!

Taking the Service Desk to the Next Level

Revolutionizing Enterprise Application Deployment

Why Data Loss is Increasing--and What You Can Do About It

Data Loss Prevention: A Better Way to Approach Security

Learn how to managing client systems in the enterprise.

Build a High-Performance Open Web Platform

Mid-Sized Company CIO Community: infoBOOM!

Enterprise PBX Comparison Guide

Getting Value from Outdated Networking Equipment

Top-line Performance that's Bottom-line Efficient

White Paper: 8 Key Ingredients to Building an Internal Cloud

Read about virtualization and consolidation effort best practices

Building the Virtualized Enterprise with VMware Infrastructure

The Global Marketplace Today: Strategies for Tough Times

© 1994 - 2009 CXO Media Inc.