The U.S. Department of Homeland Security (DHS) will release a new system of guidelines intended to improve the security of the software used in many Web-based services. The guidelines include a list of the top 25 programming errors that lead to the most serious hacks. DHS says it hopes that the system will make it easier for companies and agencies to secure their parts of cyberspace and contribute to developing safer global networks.
The top 25 list was created by the SANS Institute and Mitre, as well as top security experts in the United States and Europe. The number one security risk, according to the list, is a programming error that allows SQL-injection attacks on Web sites.
The guidelines will also include vignettes for industries such as electronic commerce, banking, and manufacturing that highlight which programming mistakes are the biggest risks in each.
Avoiding common programming mistakes is vital to fending off today's worst attacks, says SANS director Alan Paller. "This is the only way to get around [zero-day attacks]," Paller says. "The only possible defense is to stop the error from being in the software in the first place."
From The New York Times