Communications of the ACM

ACM TechNews

Hold Vendors Liable For Buggy Software, Security Experts Say

Security experts from more than 30 organizations recently called on enterprises to put more pressure on security vendors to ensure secure code development. The group, led by the SANS Institute and Mitre, also released draft language for use in procurement contracts between organizations and software development firms that would leave the development firms liable for software defects.

"Nearly every attack is enabled by [programming] mistakes that provide a handhold for attackers," says the SANS Institute's Alan Paller. "The only way programming errors can be eradicated is by making software development organizations legally liable for the errors."

SANS and Mitre also released their CWE/SANS Top 25 list of the most common programming errors made by software developers. According to the list, SQL injection errors, cross-site scripting flaws, and buffer overflow weaknesses are the most common programming errors.

From InfoWorld


Abstracts Copyright © 2010 Information Inc., Bethesda, Maryland, USA