January 4

The CERT Cyber Security Bulletin 2005 Summary

You can find the list of vulnerabilities reported to the US CERT system in 2005 here: http://www.us-cert.gov/cas/bulletins/SB2005.html

They list 5,198 vulnerabilities that were reported through their system, a number reported as a record amount. Windows reported 812 flaws, 2328 flaws were reported for various flavors of Unix, including Linux and Macintosh OS X, and 2058 were reported that affected multiple operating systems.

At first blush, this is “just another” story about security gone awry. We view this, instead, as an opportunity to look at what this means and as a valuable piece of information in how we advance security in 2006 and beyond. It stands as a reminder that security must be considered at every level of an application, down to the code running on a user’s workstation.

As a CISSP Instructor, Michael teaches other professionals about application security on a regular basis. The seemingly ironic part about that is that Michael is not, and does not consider himself to be, a coder. Nevertheless, the principles he teaches can, and must, be applied at even the lowest levels, and earliest stages of an application’s development.

Stories like this remind us that a lot of applications today are developed in an effort to solve a problem and quickly get to market. Many follow code processes, project plans, and go through design specs.

This is the same process that needs to be used whether you are writing code, installing and configuring a system, or designing and deploying a network. If the security of the data is considered and integrated at every step of the process, it inevitably leads to an increase in stability of all three legs of the triangle, confidentiality, integrity, and availability.

Thanks to Brian Krebs at The Washington Post and Slashdot for the story.


Tags


You may also like

Are you using frameworks properly?

Leadership and communication are actually layers, not levels

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Subscribe to our newsletter now!