Please create an account to participate in the Slashdot moderation system


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Yeah, right. (Score 1) 534

You are right. No one is talking about absolute 100% security here. The top 25 is the most egregious and easily remedied defects. These are the easy ones folks. Ones we know alot about and know how to prevent.

We need software to be free of them because organizations are under attack through application vulnerabilities. Has anyone heard of Google/Aurora or Heartland Payment Systems? Both organizations were breached through software defects.

When the environment changes software needs to change. You wouldn't take a regular car off road into a military usage and expect it to perform well. We are expecting the software process to not change (too expensive, too hard, 100% security is impossible) yet perform well under constant scrutiny and attack.

We need to change how we build software and having customers set security requirements is the best way to do it.


Slashdot Top Deals

As in certain cults it is possible to kill a process if you know its true name. -- Ken Thompson and Dennis M. Ritchie