Microsoft officials credit more robust software security design with a diminished number of bugs garnering the tech giant's most severe rating.
Microsoft on Thursday released updates for three free Security Development Lifecycle (SDL) tools designed to aid with the design and verification of applications. The updated tools - Threat Modeling Tool v3.1.8, MiniFuzz Tool v1.5.5 and RegExFuzz Tool v1.1.0 - include fixes for security and stability bugs, Microsoft said. In addition, the tools now add support for the 2010 versions of Microsoft's development environment, including Visual Studio and Team Foundation Server. Microsoft's SDL tools have been downloaded nearly 700,000 times since 2008, according to the Redmond, Wash.-based computing giant.
Software flaws provide the attack vector of many of today's largest breaches, and organizations must work to rectify those weaknesses.
Security professionals should find little comfort in the announcement over the weekend that LulzSec was folding up shop following an unprecedented, two-month-long hacking spree that left a trail of disruption and embarrassment across multiple industries.
SQL injection vulnerabilities first appeared in the 1990s, yet massive breaches in recent years prove the problem still remains a thorn in the side of security experts.
The Software Assurance Forum for Excellence in Code (SAFECode), a nonprofit seeking to advance software assurance, released on Tuesday an updated guidance document outlining the most effective secure development practices in use today. The free report builds upon the first edition by including verification methods and tools that can be used to confirm whether development teams have followed prescribed practices. The report is intended to help organizations initiate or improve their own software security programs and encourage industry adoption of secure development methods. - AM
Microsoft on Monday announced the free availability of a new software development tool designed for coders, as well as IT professionals.
2010 is on pace to become a record-setting year for software vulnerabilities, and third-party applications that are not properly patched are a major cause, according to a new Secunia report.