WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH NEWS ON MONDAY SPTECHREPORT SPTECHWEB SPTECHCON IPHONE/IPAD DEVCON ANDROID DEVCON PRIVACY POLICY CONTACT US

HOME >> LATEST NEWS

Department of Homeland Security lays down security suggestions

By Victoria Reitano

June 29, 2011 — The U.S. Department of Homeland Security, in collaboration with The MITRE Corporation, recently released the Common Weakness Enumeration version 2.0, a best-practice guide for mitigating weaknesses in software based on the advice of experts from the government, software industry and academic thought leaders.

The MITRE Corporation, a not-for-profit agency that assists the government and other agencies with private sector issues, also released a list of the top 25 most dangerous software errors in order to point out areas developers need to be more aware of in future development projects.

MITRE cites missing authorization, use of hard-coded credentials and downloading code without integrity checks as among the most dangerous errors.

The DHS, in a blog post on June 27, said the project was completed under its National Cybersecurity Division under the Software Assurance Program, which works with the private sector “to spearhead the development of practical guidance and tools while promoting research and development of secure software engineering.”

The guidelines are meant to give software development teams a best-practice development guide in order to reduce the amount of vulnerabilities in their software. Some of the best practices include examples of known vulnerabilities, platforms that are most susceptible to them, and other examples of known malware threats, as well as a checklist for developing secure code with those weaknesses in mind.

Idappcom, an independent data traffic analytics and security firm, believed that these weaknesses can be attributed to the human element in software development, which was confirmed by the DHS in a recent survey.

DHS staff, according to Ray Bryant, Idappcom’s CEO, dropped data disks and USB sticks in the parking lots of government agencies in order to see who might find them and access the information. The DHS found, according to Idappcom’s release, that 60% of these data disks and USB sticks were inserted into government-owned computers.

“This observation—the proof of anecdotal evidence if you will—has ramifications in all aspects of IT security, and especially, I believe, when it comes to network security, as it also shows you cannot rely on staff installing IT security systems properly,” Bryant said.

He added that this is an indication that, in his opinion, the best way to combat these errors is to use “automated and effective auditing of the security appliance and allied systems, which then assists the IT security management about which areas of network/IT system security needs tightening up.”

Related Search Term(s): MITRE, security

Share this link: http://sdt.bz/35682

Most Read Latest News Blog Resources

Android is the focus of two new design tools
Anywhere Software and Xamarin provide ways for developers to create and test their applications on PCs

LEADTOOLS HTML5 add-on modules released
Including New HTML5 Zero Footprint Viewer, JavaScript Libraries and RESTful Web Services for Document and Medical SDKs

How to speed up your Cukes
Using a five-step process derived from Six Sigma, Cucumber tests can go much faster

WhiteSource offers open-source license management as a service
Software gives companies insight into the open-source components in products

SmartBear rolls out new quality solution: API Complete
Software gives organizations ability to write test scripts and monitor APIs by bridging the DevOps divide

Android is the focus of two new design tools
Anywhere Software and Xamarin provide ways for developers to create and test their applications on PCs

WhiteSource offers open-source license management as a service
Software gives companies insight into the open-source components in products

Top five devices you can integrate with your applications
A five-fingered list of common, household items with which you can talk to (via software, of course)

Slick...but who needs it?
compilr.com is a well-designed site and the folks behind it seem to have their heart in the right place. But...who needs it?

How to be a better software developer
Want to be a better developer? You won't get there by mastering an interesting language or learning a new set of APIs.

Wooing Galatea
Do yourself a favor and check out Galatea 2.2, a wonderful book by novelist Richard Powers.

The world as story
An artificial-intelligence system at Carnegie Mellon seeks to understand the world by making statements about it.

Five SCM Best Practices Two-thirds of all software projects fail, according to the Standish Group’s CHAOS study. Improper usage of software configuration management...

Best Practices for Branching and Merging Patterns

Development teams often create a branching pattern, usually drawn out on a white board or in a Visio document, that is used as a model to...

Automated Error Reporting We invite you to read a short e-zine that tells you all about automated error reporting for .NET applications. This 8-page e-zine is packed...

The End of Application Redeploys Imagine that every time you wanted to write, send or receive an email, you needed to restart your computer. How much time would this take, a...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Cigital Develops Ready-to-Use Tools for Securing the Smart Grid Cigital Inc. announced the release of the Guide to Developing a Cyber Security and Risk Mitigation Plan.

Metadata Security for SharePoint Adds Security Permissions Titus Metadata Security for SharePoint allows permissions to be assigned based on the recipient's Active Directory properties

As open-source adoption grows, so do security risks Companies do not keep good records of open-source use, nor do they check in enough with open-source communities

Add comment

Name*
Email*
Country

Comment

Cigital Develops Ready-to-Use Tools for Securing the Smart Grid
Cigital Inc. announced the release of the Guide to Developing a Cyber Security and Risk Mitigation Plan Read More...

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
MAY 2012 PDF ISSUE

Need Back Issues?
DOWNLOAD HERE

Want to subscribe?

Slick...but who needs it?
compilr.com is a well-designed site and the folks behind it seem to have their heart in the right place. But...who needs it?
05/16/2012 12:45 PM EST

How to be a better software developer
Want to be a better developer? You won't get there by mastering an interesting language or learning a new set of APIs.
05/14/2012 12:18 PM EST

Wooing Galatea
Do yourself a favor and check out Galatea 2.2, a wonderful book by novelist Richard Powers.
05/12/2012 07:05 PM EST

The world as story
An artificial-intelligence system at Carnegie Mellon seeks to understand the world by making statements about it.
05/10/2012 06:39 AM EST

The Rise of the Brogrammer, or the Rise of the Sexist Programmer?
Women in Silicon Valley get vocal about sexist ads and campaigns that contribute to a tense work environment.
05/09/2012 03:14 PM EST

Retriever Communications Releases RADE3
Organizations concerned about the growing popularity of bring your own device to work policies may be comforted by the release of RADE3.
05/09/2012 11:46 AM EST