Wednesday, April 23, 2008

SANS: Pressure On Vendors Can Prevent Security Woes

Jeremy Kirk writes on InfoWorld:

Companies are having more success in pressuring software vendors into baking security into their products, a trend that vendors are resisting less, the director of research for the SANS Institute said Wednesday.

Before granting a contract, companies now are requiring that vendors also test software patches on systems with the same configurations as users are running, said Alan Paller of SANS, an IT training organization.

Another new trend is groups of companies agreeing on base security standards for applications and then passing those requirements on to vendors.

Web sites are rife with security problems: In 2006, the Web Application Security Consortium surveyed 31,373 sites and found that 85.57 percent were vulnerable to cross-site scripting attacks, 26.38 percent were vulnerable to SQL injection, and 15.70 percent had faults that could let an attacker steal information from databases.

"This is a big problem," Paller said. "We've got to get it fixed in a hurry."
