
Communications of the ACM

ACM TechNews

Hold Vendors Liable For Buggy Software, Security Experts Say


Security experts from more than 30 organizations recently called on enterprises to put more pressure on security vendors to ensure secure code development. The group, led by the SANS Institute and Mitre, also released draft language for use in procurement contracts between organizations and software development firms that would leave the development firms liable for software defects.

"Nearly every attack is enabled by [programming] mistakes that provide a handhold for attackers," says the SANS Institute's Alan Paller. "The only way programming errors can be eradicated is by making software development organizations legally liable for the errors."

SANS and Mitre also released their CWE/SANS Top 25 list of the most common programming errors made by software developers. According to the list, SQL injection errors, cross-site scripting flaws, and buffer overflow weaknesses are the most common programming errors.

From InfoWorld


Abstracts Copyright © 2010 Information Inc., Bethesda, Maryland, USA
