Home → News → Hold Vendors Liable For Buggy Software, Security Experts... → Full Text

Hold Vendors Liable For Buggy Software, Security Experts Say

By InfoWorld

February 17, 2010



Security experts from more than 30 organizations recently called on enterprises to put more pressure on security vendors to ensure secure code development. The group, led by the SANS Institute and Mitre, also released draft language for use in procurement contracts between organizations and software development firms that would leave the development firms liable for software defects.

"Nearly every attack is enabled by [programming] mistakes that provide a handhold for attackers," says the SANS Institute's Alan Paller. "The only way programming errors can be eradicated is by making software development organizations legally liable for the errors."

SANS and Mitre also released its CWE/SANS Top 25 list of the most common programming errors being made by software developers. According to the list, SQL injection errors, cross-site scripting flaws, and buffer overflow weaknesses are the most common programming errors.

From InfoWorld
View Full Article

 

Abstracts Copyright © 2010 Information Inc., Bethesda, Maryland, USA

0 Comments

No entries found