Skip to main content

Home/ Information Security/ Group items tagged programming

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Skeptical Debunker

Hold vendors liable for buggy software, group says - 0 views

www.computerworld.com/...dors_Liable_for_Buggy_Software

vendor liability software security

shared by Skeptical Debunker on 09 Mar 10 - Cached
  • "The only way programming errors can be eradicated is by making software development organizations legally liable for the errors," he said. SANS and Mitre, a Bedford, Mass.-based government contractor, also released their second annual list of the top 25 security errors made by programmers. The authors said those errors have been at the root of almost every major type of cyberattack, including the recent hacks of Google and numerous utilities and government agencies. According to the list, the most common mistakes continue to involve SQL injection errors, cross-site scripting flaws and buffer overflow vulnerabilities. All three have been well-known problems for
  • Skeptical Debunker on 09 Mar 10
     
    A coalition of security experts from more than 30 organizations is urging enterprises to exert more pressure on software vendors to ensure that they use secure code development practices. The group, led by the SANS Institute and Mitre Corp., offered enterprises recent hacks of Google draft contract language that would require vendors to adhere to a strict set of security standards for software development. In essence, the terms would make vendors liable for software defects that lead to security breaches. "Nearly every attack is enabled by [programming] mistakes that provide a handhold for attackers," said Alan Paller, director of research at SANS, a security training and certification group.
  • Skeptical Debunker on 09 Mar 10
     
    Of course, a more general way to address this and other "business" generated problems / abuses (like expensive required "arbitration" by companies owned and in bed with the companies requiring the arbitration!), is to FORBID contract elements that effectively strip any party of certain "rights" (like the right to sue for defectives; the right to freedom of speech; the right to warranty protections; the right to hold either party to public or published promises / representations, etc.). Basically, by making LYING and DECEIT and NEGLIGENCE liability and culpability unrestricted. Or will we hear / be told that being honest and producing a quality product is "anti-business"? What!? Is this like, if I can't lie and cheat being in business isn't worth it!? If that is true, then those parties and businesses could just as well "go away"! Just as "conservatives" say other criminals like that should. One may have argued that the software industry would never have "gotten off the ground" (at least, as fast as it did) if such strict liability had been enforced (as say, was eventually and is more often applied to physical building and their defects / collapses). That is, that the EULAs and contracts typically accompanying software ("not represented as fit for any purpose" more or less!) had been restricted. On the other hand, we might have gotten software somewhat slower but BETTER - NOT being associated with or causing the BILLIONS of dollars in losses due to bugs, security holes, etc. Others will rail that this will merely "make lawyers richer". So what if it will? As long as government isn't primarily "on the side" of the majority of the people (you know, like a "democracy" should be), then being able to get a individual "hired gun" is one of the only ways for the "little guy" to effectively defend themselves from corporate criminals and other "special interest" elites.
Rich Hintz

Spot Messenger > Home - 0 views

www.findmespot.com/home.aspx

travel security gps checkin tracking rescue

shared by Rich Hintz on 27 Oct 08 - Cached
  • Rich Hintz on 27 Oct 08
     
    using the GPS satellite network to acquire its coordinates, and then sending its location - with a link to Google Maps™ - and a pre-programmed message via a commercial satellite network.
anonymous

SANS: CWE/SANS TOP 25 Most Dangerous Software Errors - 1 views

www.sans.org/top25-software-errors

security training programming

shared by anonymous on 13 Jun 13 - No Cached
  • anonymous on 13 Jun 13
     
    Top 25 software errors, and references to SafeCode
Rich Hintz

GOES - Global Online Enrollment System - 0 views

goes-app.cbp.dhs.gov

customs security border crossing travel usa

shared by Rich Hintz on 27 Oct 08 - No Cached
  • Global Online Enrollment System allows registered users to enter their own applications for U.S. Customs and Border Protection (CBP) Trusted Traveler Programs
Rich Hintz

U.S. Customs and Border Protection - Travel - 0 views

www.customs.gov/...sentri

customs security border crossing usa mexico programs

shared by Rich Hintz on 27 Oct 08 - Cached
  • expedited travel to approved members between the U.S. and Mexico border.
Rich Hintz

Cross often? Make it simple, use NEXUS - 0 views

cbsa-asfc.gc.ca/...menu-eng.html

customs security travel border crossing usa canada programs

shared by Rich Hintz on 27 Oct 08 - Cached
  • NEXUS is designed to expedite the border clearance process for low risk, pre-approved travellers into Canada and the United States.
Carlos Gomes

The SwitchWare Project - 0 views

www.cis.upenn.edu/...index.html

assurance msia security security.toresearch

shared by Carlos Gomes on 13 Mar 07 - Cached
  • The SwitchWare Project Active Network Research at Penn and Bellcore Active networks explore the idea of allowing routing elements to be extensively programmed by the packets passing through them. This allows computation previously possible only at endpoints to be carried out within the network itself, thus enabling optimizations and extensions of current protocols as well as the development of fundamentally new protocols. Welcome to the SwitchWare home page, describing the Active Networks research effort underway in the Penn Department of Computer and Information Science and Bellcore as well as pointers to related material.
Carlos Gomes

Welcome to CAcert.org - 1 views

www.cacert.org/index.php

assurance cryptography msia pki security

shared by Carlos Gomes on 13 Mar 07 - Cached
  • CAcert.org is a community driven, Certificate Authority that issues certificates to the public at large for free. CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically with the X.509 family of standards. We have compiled a document base that has helpful hints and tips on setting up encryption with common software, and general information about Public Key Infrastructures (PKI). For the enthusiast looking to dip their toe in the water, we have an easy way of obtaining certificates you can use with your email program. You can use these not only to encrypt, but to prove to your friends and family that your email really does come from you. For administrators looking to protect the services they offer, we provide host and wild card certificates which you can issue almost immediately. Not only can you use these to protect websites, but also POP3, SMTP and IMAP connections, to list but a few. Unlike other certificate authorities, we don't limit the strength of the certificates, or the use of wild card certificates. Everyone should have the right to security and to protect their privacy, not just those looking to run ecommerce sites. If you're extremely serious about encryption, you can join CAcert's Assurance Programme and Web of Trust. This allows you to have your identity verified to obtain added benefits, including longer length certificates and the ability to include your name on email certificates. CAcert Inc. is a non-profit association, incorporated in New South Wales Australia.
1 - 12 of 12
Showing 20 items per page