Microsoft’s issuance last week of 14 security patches raised fears that worm-based attacks would follow and sparked discussion on how to better build code. Of the holes identified in Windows XP, Windows Server 2003 and older versions, some are so critical that exploiting them could lead to total compromise of machines and files, security experts say. But the way to eliminate such vulnerabilities isn’t through patches but through creating tools and processes for building more secure code and weeding out problems in the development phase. It’s a problem that bedevils not only Microsoft but any large company that writes its own applications or source code. Many organizations try to stomp bugs by having the chief software architect and programmers work with the security manager’s staff in a formal code-evaluation process, says Steve Orrin, CTO at Sanctum.