Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security SecProg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: The biggest thing affecting software security? People, apparently.

from [Irene Abezgauz] Network Security [Permanent Link]
Subject: Re: The biggest thing affecting software security? People, apparently.
Date: Thu, 30 Jun 2005 09:43:27 +0200 
Nick, 

First of all, notice the results are based on the opinions of 66
people, which hardly makes it a comprehensive survey.

Another thing, people and mistakes will always be there, but
technology improves to ensure people can make less mistakes and are
given less space and freedom to make such. Better technology provides
means for people to make less mistakes. It just seems less obvious
that it's the technology that is making the difference when it's
working properly. If the technology wasn't there people would make a
lot more mistakes while reinventing a less secure wheel.

Imagine a world with no commercial session management products. A
world dominated by home-grown session mechanisms. Oh, btw, that world
also does not have any cryptographic infrastructure. Wake up from the
nightmare, and realize technology *is* important, it is just easy to
overlook when it's there. It is the same as saying that people are the
biggest cause of road kills, indeed, they are. On the other hand,
imagine the same people driving bumpy roads with no traffic lights, no
stop signs, and no lane markings. It is easy to say "why are they
developing better roads and thinking of ways to improve, while people
are the largest factor". Because people *need* better infrastructures
and better technology to keep their mistakes in control.

Btw, technology is no good when not used properly, so yes, education
is very, very, very important.
That is why I strongly believe programmers should be educated for security.

Irene
-----------------------
Irene Abezgauz
Application Security Consultant
Hacktics Ltd.
Mobile: +972-54-6545405
Web: www.hacktics.com


On 6/29/05, Nick Murison <nick@urgusabic.net> wrote:

Hi all,

www.threatsandcountermeasures.com just closed their poll on what people
thought was the biggest thing affecting software security.  The results were:

People:     80.3%
Process:    18.2%
Technology:  1.5%

Results also available from www.threatsandcountermeasures.com/PastPolls.aspx.

If this is the case, then why is there such a huge financial investment in
security technology?  Is the human factor expected to magically improves once
we've got the "right" technology?

For our new poll, Threats and Countermeasures are asking what people
consider to be the more secure web application development platform; JSP,
PHP, ColdFusion, ASP.NET or old-skool CGI.

Best regards,
--
Nicholas John Murison
~~~~~~~~~~~~~~~~~~~~~
http://www.urgusabic.net
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: The biggest thing affecting software security? People, apparently., Clinton E. Troutman
Next by Date:  RE: The biggest thing affecting software security? People, apparently., PPowenski
Previous by Thread:  Re: The biggest thing affecting software security? People, apparently., Clinton E. Troutman
Next by Thread:  Re: The biggest thing affecting software security? People, apparently., . .
Indexes:  [Date] [Thread] [Top] [All Lists]