Davey Winder's Blog

Swiss cheese applications are the norm

By Davey Winder in Editorial

Posted in Data Protection, Blog, Security on April 10, 2008 at 2:19 pm


Another of those pre-InfoSecurity surveys has emerged from my email today, and oh boy is this one a huge bringer of happiness. Well, actually, no it isn’t. What it does bring to the IT security table is the bad news that 75 percent of the companies questioned think their applications have holes large enough to be exploited by criminal types.

One Professor Howard A. Schmidt, who happens to be a director at Fortify Software but perhaps more interestingly also a former Cyber Security Adviser to the White House, is quoted as saying “this figure of three quarters of organisations having security holes based on application vulnerabilities, while dramatic, is unfortunately not that surprising. When organisations develop applications, quality is one of the highest priorities but security vulnerabilities are seldom recognized or fixed. Priority is often given to delivering application features and business benefits without the understanding of fundamental coding errors that lead to security issues. Cybercriminals are targeting applications to steal money and information, and they know all too well how to exploit vulnerabilities not only in commercial software but are also very adept in finding security holes in applications that are developed ‘in house’. Business leaders need to set in place business software assurance processes including development practices designed to ensure that their applications are secure to protect the data of citizens, customers and shareholders from the new wave of threats from cybercriminals.”

He’s not wrong of course, although I disagree about the ‘not that surprising’ bit. I am absolutely gob-smacked that people wearing long trousers and one assumes getting paid decent money to take care of IT business will happily admit that the applications they use are doing a decent impression of Swiss cheese: full of holes.

Look, hackers are not in it for the fun any more. Forget the pot-boiler novel portrayal of the spotty geek wreaking havoc for the heck of it. Today those geeks can afford to have laser treatment for the spots and still have enough money left over for the latest bling-filled car. Cyber crime is big business, big and well organised business. Shame that it seems only the bad guys are taking it seriously enough though…


Comments

Comment by Nick Kotarski - May 20, 2008 on 2:56 pm

Interesting.

I had an experience of this a while ago. I had used a printing company a couple of times then started getting spam on the email address I had given them (one address per signup usually). I told the company and registered a new email address. A little while later I started getting spam on the new address.

A quick check on the company website showed that the login was vulnerable to basic SQL injection.

I phoned the MD and told him what had happened and about the SQL Injection vulnerability. I could hear him go pale (if you see what I mean).

His response was that he didn’t think that the developers were capable of fixing the problems.

I haven’t used them again.
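The kind of login flaw Nick describes comes from building the SQL text out of whatever the visitor typed. The example below is added here to illustrate that; it is not code from the printing company, from Nick, or from the blog. The user table, the account name `alice`, its password and the injected password string are all constructed for the example, and passwords are kept in plain text only to keep the listing short (a real system stores a salted hash). The vulnerable and the parameterised login are shown side by side so the difference in behaviour can be checked directly.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a customer database (one made-up user)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Login check that splices user input into the SQL text (the flawed pattern)."""
    # Whatever the visitor types becomes part of the query itself, so a quote
    # character in the input changes the query's structure rather than its data.
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterised(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same check with bound parameters: input is sent as data, never as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def compare_logins(username: str, password: str) -> dict:
    """Run both implementations on the same input and report what each decides."""
    conn = make_db()
    try:
        return {
            "vulnerable": login_vulnerable(conn, username, password),
            "parameterised": login_parameterised(conn, username, password),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # A genuine login succeeds in both versions.
    print("valid credentials:", compare_logins("alice", "correct-horse"))
    # A textbook tautology in the password field (constructed input) is accepted
    # by the string-built query and rejected by the parameterised one.
    print("injected password:", compare_logins("", "' OR '1'='1"))
```

The parameterised version is the fix a competent developer applies in minutes: the query shape is fixed at write time and the driver escapes nothing, because it never treats the input as SQL at all. That is the sort of "fundamental coding error" the post's quoted survey is about.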

Comment by herbal remedies - October 26, 2009 on 6:55 am

Pretty interesting, I just can’t believe it. Thank you Nick Kotarski for letting us know your whole experience through your comments.

Pingback by IT PRO: Blogs: Davey Winder: Swiss Army Encryption - January 23, 2010 on 11:16 am

[…] am I going on about this time, you might be wondering although grateful that I’ve dropped the Swiss Cheese talk by now, so let me explain. The tool in question is a USB data drive and the reason it cannot be […]
