DHS Guidance to Prevent Cyber Attacks
The US Department of Homeland Security (DHS) unveiled new guidance on Monday designed to improve software security in the face of the growing problem of cyber attacks.
Central to the guidance to prevent cyber attacks is a list of 25 programming errors that enable the most serious hacks to occur - and advice on how to avoid them.
It released a catalogue of software weaknesses called the Common Weakness Enumeration and set up a scoring system and analysis framework that organizations can use to measure and assess the threat level posed to them by hackers.
The DHS worked with a number of security consultancies, research organizations and private companies to compile the study.
Noting that human errors in programming are the cause of most attacks, the DHS said businesses should take heed of the advice and improve their software security, investing in far more robust and secure software protection systems. It also called for better training and education for software programmers.
Common Weakness Enumeration
At the top of the Common Weakness Enumeration's list of the 25 most dangerous software vulnerabilities was SQL injection, which tricks systems into revealing secure information held in databases to outsiders.
Mitre, the federal research laboratory which was contracted by the DHS to investigate the software security issue, said this flaw lay behind many of the recent high-profile hacks that led to organizations like Citigroup, Sony, the IMF and public agencies losing secure data.
The DHS intends the Common Weakness Enumeration and the accompanying scoring system to be a standard against which companies can measure and assess their security framework, and from these results take remedial action. It hopes the guidance - which is voluntary - will spur industry into making improvements.
Alan Paller from SANS, a consultancy involved in the DHS' work, said better quality software programming was the only way to really stop damaging cyber attacks.
"The only possible defense is to stop the error from being in the software in the first place," he told the Washington Post.
The Common Weakness Enumeration website can be accessed here:
http://cwe.mitre.org/