Davey Winder's Blog

Swiss cheese applications are the norm

By Davey Winder in Editorial

Posted in Data Protection, Blog, Security on April 10, 2008 at 2:19 pm

Another of those pre-InfoSecurity surveys has emerged from my email today, and oh boy is this one a huge bringer of happiness. Well, actually, no it isn’t. What it does bring to the IT security table is the bad news that 75 percent of the companies questioned think their applications have holes large enough to be exploited by criminal types.

One Professor Howard A. Schmidt, who happens to be a director at Fortify Software but perhaps more interestingly also a former Cyber Security Adviser to the White House, is quoted as saying “this figure of three quarters of organisations having security holes based on application vulnerabilities, while dramatic, is unfortunately not that surprising. When organisations develop applications, quality is one of the highest priorities but security vulnerabilities are seldom recognized or fixed. Priority is often given to delivering application features and business benefits without the understanding of fundamental coding errors that lead to security issues. Cybercriminals are targeting applications to steal money and information, and they know all too well how to exploit vulnerabilities not only in commercial software but are also very adept in finding security holes in applications that are developed “in house”. Business leaders need to set in place business software assurance processes including development practices designed to ensure that their applications are secure to protect the data of citizens, customers and shareholders from the new wave of threats from cybercriminals.”

He’s not wrong of course, although I disagree about the ‘not that surprising’ bit. I am absolutely gob-smacked that people wearing long trousers and one assumes getting paid decent money to take care of IT business will happily admit that the applications they use are doing a decent impression of Swiss cheese: full of holes.

Look, hackers are not in it for the fun any more. Forget the pot-boiler novel portrayal of the spotty geek wreaking havoc for the heck of it. Today those geeks can afford to have laser treatment for the spots and still have enough money left over for the latest bling-filled car. Cyber crime is big business, big and well organised business. Shame that it seems only the bad guys are taking it seriously enough though…

Comments

Comment by Nick Kotarski - May 20, 2008 on 2:56 pm

Interesting.

I had an experience of this a while ago. I had used a printing company a couple of times then started getting spam on the email address I had given them (one address per signup usually). I told the company and registered a new email address. A little while later I started getting spam on the new address.

A quick check on the company website showed that the login was vulnerable to basic SQL injection.

I phoned the MD and told him what had happened and about the SQL Injection vulnerability. I could hear him go pale (if you see what I mean).

His response was that he didn’t think that the developers were capable of fixing the problems.

I haven’t used them again.

Comment by herbal remedies - October 26, 2009 on 6:55 am

Pretty interesting, I just can’t believe it. Thank you Nick Kotarski for letting us know about your whole experience through your comments.

Pingback by IT PRO: Blogs: Davey Winder: Swiss Army Encryption - January 23, 2010 on 11:16 am

[…] am I going on about this time, you might be wondering although grateful that I’ve dropped the Swiss Cheese talk by now, so let me explain. The tool in question is a USB data drive and the reason it cannot be […]
