There’s nothing more humbling than watching actual end users struggle with your software.
Making a stronger connection between Krazy Kat (“There is a heppy land fur, fur, awaaa”) and the history of African American freedom. I had no idea that the Happy Land was real.
The connection between self-control and academic performance: “The child who could wait fifteen minutes had an S.A.T. score that was, on average, two hundred and ten points higher than that of the kid who could wait only thirty seconds.”
New Salman Rushdie short story.
Incidentally, password protected ZIP and RAR archives aren’t secure.
Last week I indulged in a little live tweeting of a webinar my firm, Veracode, did with Chanxi Wang of Forrester, following up on our recent announcement of an independent survey in which 62% of the respondents reported being breached through at least one application vulnerability in 2008.
I’ve reposted the substance of my tweets below, followed by my $0.02 on the survey:
- (1) #Veracode & Forrester app risk mgmt survey: in 2008 62% of respondents were breached thru app vulns but don’t know their app risk.
- (2) As Kaspersky breach shows, 3rd party code is a big blind spot for most orgs.
- (3) open source, outsourced and off the shelf code used frequently but 59% don’t do anything to secure OSS.
- (4) only 32% require security at all stages of sdlc.
- (5) top training method in 37% of respondents is to learn on the job from experienced devs… who can’t be hired.
- (6) False sense of security pervasive. 94% think they know security of app portfolio but 40% dont know COTS risk
- (7) ease of use plus secure plus time saving is driving factor for third party assessments.
- (8) if you outsource code, consider outsourcing security assessments too.
Bottom line: the survey results suggest that application vulnerabilities lead to real risk for a lot of companies, but most companies don’t have secure practices that cover their development or training adequately, to say nothing of the risk from third party code.