Solution Centers

MORE

Everything Else

Virtual Conferences

Security Directions
On demand until December 30, 2009

Navigating Through Dynamic Times by Cisco
On demand until November 20, 2009

Ways to connect with CIO

all RSS RSS Feeds

Subscribe to All of CIO.com

Subscribe to Mobile

Subscribe to Web 2.0

Subscribe to Careers

Subscribe to ERP

CLOUD COMPUTING

Drilldowns

Beats

Cisco Undervalues Tandberg, Investment Firms Say

TECHNOLOGY
- Infrastructure
  - Cloud Computing
  - Network
  - Security
  - Client
    - Desktop
    - Laptop
    - Laptop - Macbook
    - PDA
  - Server
    - Load Balancing
  - Mobile
  - Operating Systems
    - Windows
    - Windows - Vista
    - Linux
    - Mac
    - Mac - Leopard
    - Unix
    - Other
  - Data Center
  - Virtualization
- Applications
- Development
  - Open Source
  - Eclipse
  - Java
  - .NET
  - Agile
  - Web Services
- Architecture
  - Enterprise Architecture
LEADERSHIP

IT DRILLDOWN

Cloud Computing

NEWSLETTERS

CIO.com updates, insights and advice on technology, management and your career.

LEADERSHIP

CIO Executive Programs

The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

CIO Executive Council

A Peer-Advisory Service and Professional Association for CIOs

Public Council Teleconference: Application Rationalization — Hidden Costs and Smart Decisions

November 17 at 11:00 am US/Eastern (GMT-5)

Join Honorio Padrón, of The Hackett Group, who will share the drivers for companies to tackle application rationalization and the results of research that define the hidden cost of complexity. Additionally, we will discuss key decision milestones—to start or not, holding the course steady and fulfilling expectations.

Virtual Desktop Cost-Benefit Analysis — Michael Jacobs, Catlin Group

The analysis contained in this presentation measures the cost of everything from the machines and licenses to the infrastructure for virtual vs. traditional desktop environments.

Honor your best senior team members - Apply for the CIO Ones to Watch Award

Get well-earned public recognition for your top up-and-coming team members, your IT organization and your enterprise. Award winners will be announced, publicized and feted in May 2010, great timing to help attract new IT recruits to your company.

More / Register »

Learn more about the CIO Executive Council »

RESOURCE CENTER

buy a link »

News

NSA Helps Name Most Dangerous Programming Mistakes

A group of more than 30 computer organizations has taken what some are calling a big step toward making software more secure.

Leave a comment

By Robert McMillan

January 12, 2009 — IDG News Service —

A group of more than 30 computer organizations has taken what some are calling a big step toward making software more secure.

Led by experts from the U.S. National Security Agency, the Department of Homeland Security, Microsoft and Symantec, the group plans to publish on Monday a blueprint outlining the most dangerous software programming errors.

The list represents the first time the industry has reached consensus on the worst things that can happen when software is being written.

"The top 25 list gives developers a minimum set of coding errors that must be eradicated before software is used by customers," said Chris Wysopal, chief technology officer with Veracode, in a prepared statement.

More than just a list, however, the document could be used as a negotiating tool between buyers and software vendors, said Alan Paller, director of research with the SANS Institute, a security training group that spearheaded the work.

In fact, New York state is now developing procurement documents that could be used by state agencies to make their vendors certify that their code contains none of these programming errors. Ultimately that will make the vendor, not the state, responsible when buggy software leads to a security problem, Paller said. "When the software is found to be flawed ... all of the economic liability shifts to them."

Paller expects that this kind of certification, virtually unknown today, will become more common now that such a large part of the industry has agreed on what programming errors are most dangerous. But he expects it to be used in large custom-coding contracts rather than in the software licensing agreements used for widely distributed software such as Microsoft Windows.

The flaws include things such as allowing for SQL injection or cross-site scripting attacks, sending sensitive information in clear text, which can be easily read, and hard-coding security passwords into programs, where they're hard to change if discovered. The list of errors is set to be posted here.

Two of these bugs led to more than 1.5 million Web site breaches last year, SANS said. And that was just the start: Often, these Web breaches were used by online attackers to then launch more attacks against people who surfed the hacked sites.

Copyright © 2008 IDG News Service. All rights reserved. IDG News Service is a trademark of International Data Group, Inc.

Print

Share [+]

TOOLS

Comments

LinkedIn

RELATED

WHITE PAPERS

FISMA Prescriptive Guide

Tripwire helps federal agencies, as well as the organizations and contractors that store, process or transmit federal information.

Service Level Reporting and Communication

Service level reporting is the most visible output and often the most time-consuming activity in SLM.

Data Center Cost Analysis

Read this white paper to see how a server refresh can actually save money and meet green initiatives.

The Future Data Center

Building the next-generation data center requires a forward-thinking strategy that encompasses a broad range of new technologies.

Informatica Platform and Integration Competency Centers

Forrester used its total economic impact methodology to interview seven companies that have standardized their data integration practices.

Cutting the Cost of Enterprise Databases

This IDC white paper discusses the growing complexity of datacenter management, which is causing escalating costs.

WEBCASTS

Competitive B2B and B2C Relationship Management

Current macro-economic conditions and increased regulatory scrutiny are driving a number of changes to how business...

How to Improve Customer Experience In Private Health Insurance

Financial services managers must revisit the quality of their risk management capabilities while reducing cost thro...

Affordable Agility on Systm z

Join product experts from IBM Rational and ILOG, IBM's newest acquisition, as they discuss how application discover...

50% Speed to Market Gains with BRMS

Here's a fact-packed new event involving healthcare insurance claims, with expert panelists examining how rules & S...

Profit from Power Savings

Cut Costs & Green Your IT Operations with PC Power Management

Find out how and why 400 organizations have d...

IT Consolidation Made Easy

The Primary IT Initiative for Reducing Costs

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

Cisco Doubles Down on Collaboration with 61 New Products

Best and Worst of Exchange 2010

Detailing Contingency Planning

Microsoft Buys Bridge Between Java and .Net Developers

Open Source Software Ready for Big Business

Microsoft Makes Case for Upgrade to Exchange 2010

Accenture to Add 8,000 Staff in India

First IPhone Worm Spreads Rick Astley Wallpaper

Freescale Puts Two Chip Factories Up for Sale

RIM BlackBerry Developer Conference Kicks Off in San Francisco

WHITE PAPERS

FISMA Prescriptive Guide

Service Level Management Best Practices Service Level Reporting and Communication

Server Refresh Analysis

CIO eGuide: Inside the Next-Gen Data Center

The Total Economic Impact™ of the Informatica Platform and Integration Competency Centers

Cutting the Cost of Enterprise Databases

Selective Sourcing: The CIO Calls the Shots

8 Elements of Vulnerability Management

How Desktop Virtualization Changes the Game for IT

Virtualization 2.0: The Desktop Revolution

Tokenless Two-Factor Authentication: It Finally Adds Up

Advancing Innovation, Controlling Costs

Secure Email and Web-Based Communication from Evolving Attacks

Gaining the Performance Edge Using a Column-Oriented Database Management System

10 Ways Excel Drives More Value from Your SAP Investment

WagerWorks Takes Fraudsters Out of the Game Using iovation

Mobile Security: The Essential Ingredient for Today's Enterprise

Adobe LiveCycle Solutions for Business Process Automation

Adobe® LiveCycle® Solutions for Intuitive User Experience

How does a software company save big with Green IT?

More White Papers »

FEATURED SPONSORS

SPONSORED LINKS

See how AT&T can help protect your network.

Top Five CIO Challenges

Streamline IT Costs. Boost Performance with WAN Optimization.

Want to know how you can maximize employee productivity?

Build your 1st app FREE with Force.com

TDWI checklist helps define data readiness for analytics. Download report.

Increase UPS efficiency without sacrificing protection.

A Clear View Toward Virtualization

Virtualization Technology as a Business Solution

The rules of infrastructure management just changed.

A Clear View Toward Virtualization

Interactive Q&A helps you discover key ways to maximize IT assets.

Ready to virtualize tier one applications? Check your virtualization maturity.

Think you can't afford a Cisco Switch? Cisco Catalyst Switches are now more affordable.

Five minute business analytics assessment. Immediate results.

The Case for Investing in Business Analytics Technology. Read white paper.

Cut Costs & Green Your IT Operations with PC Power Management

White Paper: 4 Customer Service Myths

Mobile Security: The Essential Ingredient for Today's Enterprise

White Paper: Improve Agility with Operational Responsiveness

White Paper: 5 Best Practices for Smartphone Support

Global Research: CIOs Weigh In On Virtualization

5 Key Virtualization Management Challenges

Learn How Web Site Performance Impacts Shopper Behavior

IDC White Paper: CCM for IT Compliance and Risk Management

Join us at the US-Brazil IT-BPO Summit, on November 10th in New York.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion

Read the RSA report: Security for Business Innovation

Webcast: Looking to the Cloud for Email and Collaboration Services

64-page prescriptive guide to security, compliance, and IT operations.

Keep your IT expertise up to date. Join the Intel Premier IT Professionals.

A new fleet of PCs with a total ROI in 10 months. Find your ROI.

eZine: A Roadmap to Reducing IT Complexity

Reduce risk, gain agility. See how Progress can help your business.

Virtualization Technology as a Business Solution

eZine: A Roadmap to Reducing IT Complexity

World-class trading technology solutions from NYSE Technologies.

If You're Paying for Telecom, You're Paying Too Much. Contact Asentinel Today.

Trade-In your old printer and save up to $1,000 plus free recycling!

infoBOOM! - The Mid-Sized Company CIO's Exclusive Community

Live Webinar: Applying Business Analytics. Click here to learn more

White Paper: Right-Sizing Your Power Infrastructure

Webcast: Unleashing the Power of Customer Data

White Paper: Managed Security for a Not-So-Secure World

SharePoint - Unchecked growth of content is unsustainable.

White Paper: Legacy Tools: Not Built for the Helpdesk

Taking a Seat at the Executive Table: The Reality of Virtualization

Five-Step Mobility Management Plan

White Paper: Next Generation Remote Infrastructure Management

Disciplined Autonomy: Resolving the Tension Between Flexibility and Control

© 1994 - 2009 CXO Media Inc.