This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Template:Application Security News"
From OWASP
Line 1: | Line 1: | ||
+ | ; '''Aug 31 - [http://www.inweekly.net/article.asp?artID=3471 Red, white, and screwed]''' | ||
+ | : "We've consulted with all the top computer scientists around the United States on the software security issues and they've all told us one thing: 'It isn't currently possible to create technology that is 100-percent secure and trying to do that would be so cost prohibitive" | ||
+ | |||
; '''Aug 30 - [http://www.informationweek.com/hardware/showArticle.jhtml?articleID=192500179&subSection=Servers Web apps less secure...wait no, more secure]''' | ; '''Aug 30 - [http://www.informationweek.com/hardware/showArticle.jhtml?articleID=192500179&subSection=Servers Web apps less secure...wait no, more secure]''' | ||
: "Web applications tend to be written less tightly than other applications," says Alan Paller, director at the SANS Institute...But because the desktop model really isn't any better, and is in some ways worse, "Security will drive people to centralized applications." (There's a peek into Google's security process in this article - verdict: Distributed!) | : "Web applications tend to be written less tightly than other applications," says Alan Paller, director at the SANS Institute...But because the desktop model really isn't any better, and is in some ways worse, "Security will drive people to centralized applications." (There's a peek into Google's security process in this article - verdict: Distributed!) | ||
Line 7: | Line 10: | ||
; '''Aug 28 - [http://www.sdtimes.com/article/special-20060815-01.html Secure coding initiatives - Verdict: Don't start with tools]''' | ; '''Aug 28 - [http://www.sdtimes.com/article/special-20060815-01.html Secure coding initiatives - Verdict: Don't start with tools]''' | ||
: Tools give a warped perspective on software security. They overemphasize stuff they're good at finding, and completely miss critical flaws. Get your people and process aligned on secure coding, and then it will be easy to see which tools really help you. | : Tools give a warped perspective on software security. They overemphasize stuff they're good at finding, and completely miss critical flaws. Get your people and process aligned on secure coding, and then it will be easy to see which tools really help you. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
; [[Application Security News|Older news...]] | ; [[Application Security News|Older news...]] |
Revision as of 22:36, 31 August 2006
- Aug 31 - Red, white, and screwed
- "We've consulted with all the top computer scientists around the United States on the software security issues and they've all told us one thing: 'It isn't currently possible to create technology that is 100-percent secure and trying to do that would be so cost prohibitive"
- Aug 30 - Web apps less secure...wait no, more secure
- "Web applications tend to be written less tightly than other applications," says Alan Paller, director at the SANS Institute...But because the desktop model really isn't any better, and is in some ways worse, "Security will drive people to centralized applications." (There's a peek into Google's security process in this article - verdict: Distributed!)
- Aug 29 - Personal data exposed on student loan Web site
- The U.S. Department of Education has disabled its Direct Loan Servicing System, the online payment feature of its Federal Student Aid site, because of a software glitch that exposed the personal data of 21,000 students who borrowed money from the department, said Education Department spokeswoman Jane Glickman.
- Aug 28 - Secure coding initiatives - Verdict: Don't start with tools
- Tools give a warped perspective on software security. They overemphasize stuff they're good at finding, and completely miss critical flaws. Get your people and process aligned on secure coding, and then it will be easy to see which tools really help you.