Software has never been very secure, they say, but it may be getting even less so. An analysis by security firm Veracode recently found that 70 percent of applications fail to comply with security policies, beating out last year's 60 percent.
Do your developers and security gurus get along great? If so, move along, there's nothing to see here.
Large enterprises that test software as a central function tend to manage the tests with repeatable, factory-like methods. Barclay's Bank is among the pioneers of a new approach that enables testers to react, learn and adapt to situations as they evolve, reports Matthew Heusser at CIO magazine.
Some big names in software have been offering bounties to researchers who find security vulnerabilities in their programs, while other big software makers forego the tactic. Mozilla, PayPal and Google have shelled out a lot of cash for bugs, while Microsoft, Apple and Adobe prefer not to pay for such discoveries. Do the bug bounty programs make the Internet any more secure, asks Kim Zetter at Wired.
No software vendor is immune from selling flawed code, but some vendors handle their vulnerabilities better than others.
Last year Microsoft (NASDAQ: MSFT) saw its lowest level of critical vulnerabilities in five years, which was at least partially a function of the Secure Development Lifecycle component of its
Manufacturing plants and critical infrastructure facilities may have received a rude awakening last week when researchers released exploit modules after finding major security flaws in industrial
There is a widening gap between the quality standards that businesses apply to the software they develop in-house and the software they get from other providers. Seventy percent of companies conduct
More than half of all software programs are of an unacceptable security quality, according to a study by the secure software services provider Veracode. The company analyzed 4,835 applications
Software bugs have always been a part of software, but new pressures appear to be motivating programmers to give more thought to security early in the development processes. To provide some ideas on