Analysis: Automated Code Scanners: False Sense of Security?
April 19th, 2007 by Pete
"Remember when attackers were just out for fame and glory, and application security was someone else's problem? Big targets like Microsoft and Oracle drew the fire. All enterprise IT had to do was apply patches regularly and keep a properly configured firewall.
Those days are gone. Cracking corporate networks is no longer a kid's game, it's a lucrative criminal growth industry. The attackers who stole 45.6 million credit- and debit-card numbers from TJX Companies were professional enough to remain undetected for at least 10 months. Meanwhile, major software vendors, including Microsoft, have improved their security practices, which puts niche and in-house-developed software and Web applications squarely in the bad guys' sights."
Quite a nice paper.


