
Build security into applications? Why didn't everyone think of that? We did!!
Written by Daniel   
Monday, 05 March 2007 10:39
Getting to Know the Enemy Better

MARCH 1, 2007 | ARLINGTON, Va. -- Black Hat DC -- Experts agree: The best way to secure applications is to build security in during the development phase. The problem is that there are few standards or templates for doing it.

But that situation is about to change, according to speakers at the Black Hat conference here today. In fact, draft guidelines for specifying common security weaknesses and common attack patterns could be just weeks away.

In two separate presentations, experts from Mitre and Cigital -- two companies with long track records in government and industry standards -- outlined plans for the implementation of Common Weakness Enumeration (CWE) and Common Attack Pattern Enumeration and Classification (CAPEC), two specifications that could eventually help developers recognize weaknesses in their applications and anticipate common attack patterns that adversaries might use to break in.

The proposed specifications would offer common methods for describing and categorizing weaknesses and attack vectors, much as Common Vulnerability Enumeration (CVE) and Common Malware Enumeration (CME) have done for vulnerabilities and malware.

The CWE is in its fifth draft and is already delivering some benefits for software developers, according to Robert Martin, principal engineer at Mitre. It represents a "dictionary" of frequently made mistakes in software development that can lead to exploitable vulnerabilities, he said...


Copyright ©2001 - 2012, AOA Forums.  All rights reserved.
