FYI, CERT/CC reported 8064 software vulnerabilities in 2006, for a
35% increase over 2005.
See http://www.theregister.co.uk/2007/01/21/2006_vulns_tally/
The article further states, The greatest factor in the skyrocketing
number of vulnerabilities is that certain types of flaws in community
Ok, last software security news item for today, I promise. :-) This
article (see
http://www.darkreading.com/document.asp?doc_id=115110WT.svl=news1_1)
is about a couple of new startup companies. One of them in
particular, Veracode, may be of some interest here. The article
says,
At 1:52 PM -0500 1/22/07, Kenneth Van Wyk wrote:
Ok, last software security news item for today, I promise. :-) This
article (see
At 3:10 PM -0800 1/22/07, Blue Boar wrote:
ljknews wrote:
Analyzing source code is independent of machine architecture.
My guess is that if a company actually is capable of analyzing
binary code they only do it for the highest volume instruction
sets.
My guess is that attackers will go
This is completely unsurprising. Apparently nobody told the agile dev
community that they still need to follow all the secure coding practices
preached at the traditional dev folks for eons. XSS, redirects, and SQL
injection attacks are not revolutionary, are not all that interesting, and
are so