Software Technologists Should Have Secure Programming Skills
In the second week of February 2007, @RISK, the threat and vulnerability newsletter of SANS and Qualys, reported that four of the top five most dangerous vulnerabilities were related to security products. These products were from Snort, Trend Micro, VeriSign and SupportSoft. Meanwhile, Mozilla's Firefox took fifth place on the vulnerability list. It would therefore not be wrong to ask whom to trust for building and developing secure software, as cbronline reported on March 12, 2007.
A vulnerability is described as the extent to which a software component is susceptible to unauthorized access, modification, or disclosure of information, and is subject to intervention in or breakdown of system services.
The problem with onUnload coding is not exclusive to Mozilla; security watchers have labeled it a security disaster waiting to take shape. After the discovery of several vulnerabilities in the Firefox browser, users need to update their software.
The trend today is that more attacks aim at applications. Moreover, because security products need high privileges to operate, these products themselves become main targets.
Microsoft, which is not prominent on the February-week vulnerability list, has been preaching the policy that secure programming proficiency is now far more important than just programming proficiency, and that the security industry should focus on this.
An unpatched vulnerability in Microsoft's Windows operating system is close to having exploit code. Microsoft discovered the problem in the last week of 2006 and says it lies within the system that handles Windows Meta Files (WMF). Microsoft is urging all administrators to hold back all WMF files. Microsoft has taken eight days' time from users to make their computers safe.
The newsletter emphasized that no one is completely safe from common vulnerabilities introduced in the process of software development, such as remote code execution, processor buffer overflows and ActiveX Control buffer overflows. As technology qualifications increasingly include security skills, one may want to ask emerging vendors and service providers how accomplished their technologists are in this area, for in the end it is those vendors who make these technologists' expensive skills available for hire.
» SPAMfighter News - 26-03-2007