
Apps new target for attacks
By Colin Barker
Published: 23 April 2008 15:52 GMT
While companies may go to great lengths to ensure their IT environments are secure, technology vendors need to do more to make sure their hardware and software is up to scratch, according to security experts.
At a panel debate at Infosecurity Europe 2008, security experts lined up to put some of the blame for hackers finding ways to exploit code on software makers. Alan Paller of the SANS Institute said: "Applications have become the new target for attacks," and referred to one Oracle user he claimed had suffered 80,000 attacks on its systems.
Security A to Z
From antivirus to zero-day, click here for silicon.com's alphabetical guide to security. ![]()
Rhonda MacClean, chief information security officer for Barclays, explained in detail how her company routinely tests the security of most of the software it buys in from suppliers.
MacClean said: "Using someone else's software does not abdicate you from responsibility for the security of the code." She added that the constant updates and service packs made life especially difficult for in-house IT people. "Just when you got used to the code, a new version comes along."
But despite the shortcomings of some software makers' code, IT departments are ultimately responsible for the code they use within their organisations.
MacClean said: "We want code that, as far as security is concerned, is A+. But when we tested code [at Barclays] we found a lot of it was C-."
According to MacClean, the problem is relatively easy to improve. She said: "We talk to [the suppliers] about the problem and we have got much better code as a result."
Original article: Vendors urged to take responsibility for security from ZDNet UK
About the challengeThe Specialist Test Team in Barclays Wealth Technology are experts in performance testing and functional test automation. Barclays ...
You will ensure that every unit has the correct systems and processes in place for financial reporting and management and, where appropriate, will ...
Able to guide users through technical authoring software (Articulate) and provide training and support Finding subject experts and commissioning ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy