[SC-L] Vulnerability tallies surged in 2006 | The Register

2007-01-22 Thread Kenneth Van Wyk
FYI, CERT/CC reported 8064 software vulnerabilities in 2006, for a 35% increase over 2005. See http://www.theregister.co.uk/2007/01/21/2006_vulns_tally/ The article further states, The greatest factor in the skyrocketing number of vulnerabilities is that certain types of flaws in community

[SC-L] Dark Reading - Discovery and management - Security Startups Make Debut - Security News Analysis

2007-01-22 Thread Kenneth Van Wyk
Ok, last software security news item for today, I promise. :-) This article (see http://www.darkreading.com/document.asp?doc_id=115110WT.svl=news1_1) is about a couple of new startup companies. One of them in particular, Veracode, may be of some interest here. The article says,

Re: [SC-L] Dark Reading - Discovery and management - Security Startups Make Debut - Security News Analysis

2007-01-22 Thread ljknews
At 1:52 PM -0500 1/22/07, Kenneth Van Wyk wrote: Ok, last software security news item for today, I promise. :-) This article (see

Re: [SC-L] Dark Reading - Discovery and management - Security Startups Make Debut - Security News Analysis

2007-01-22 Thread ljknews
At 3:10 PM -0800 1/22/07, Blue Boar wrote: ljknews wrote: Analyzing source code is independent of machine architecture. My guess is that if a company actually is capable of analyzing binary code they only do it for the highest volume instruction sets. My guess is that attackers will go

Re: [SC-L] Vulnerability tallies surged in 2006 | The Register

2007-01-22 Thread Benjamin Tomhave
This is completely unsurprising. Apparently nobody told the agile dev community that they still need to follow all the secure coding practices preached at the traditional dev folks for eons. XSS, redirects, and SQL injection attacks are not revolutionary, are not all that interesting, and are so