Computerworld - Most Underrated Vulnerabilities
The STAT network security unit at Melbourne, Fla.-based Harris Corp. released its list of the most underrated and most overrated security vulnerabilities a week ago. Remote procedure call vulnerabilities probably wouldn't top the list after last week's bout with the Blaster worm:
1. RPC vulnerabilities
2. Distributed Component Object Model vulnerabilities
3. Wireless vulnerabilities
4. Keystroke-logger vulnerabilities
5. Spyware programs
Security Bookshelf
Secure Coding: Principles and Practices, by Mark G. Graff and Kenneth R. van Wyk, O'Reilly & Associates, 2003.
Judging by the number of security bugs that continue to emerge, a good book about writing secure code is quite timely. The authors of this guide have plenty of experience in trying to produce secure code, and those experiences shine through in the many real-world examples they give and the practical approaches they take in architecture, design, implementation, operations and testing.
This is an excellent book to dip into for ideas to improve coding practices in your organization. It doesn't go into all the technical details, but it does help you make sure that you're asking the right questions. Secure Coding includes a comprehensive bibliography and Web links.
-- Vince Tuesday
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
