August 22nd, 2008 chris
About 95 percent of software security bugs come from 19 “common, well-understood” programming mistakes, also known as the 19 Deadly Sins of Software Security. They are the following:
- Buffer Overruns
- Format String Problems
- Integer Overflows
- SQL Injection
- Command Injection
- Failing to Handle Errors
- Cross-Site Scripting
- Failing to Protect Network Traffic
- Use of Magic URLs and Hidden Form Fields
- Improper Use of SSL and TLS
- Use of Weak Password-Based Systems
- Failing to Store and Protect Data Securely
- Information Leakage
- Improper File Access
- Trusting Network Name Resolution
- Race Conditions
- Unauthenticated Key Exchange
- Cryptographically Strong Random Numbers
- Poor Usability
Posted in Software Security
August 22nd, 2008 chris
Capability Maturity Model Integration (CMMI) is an integrated approach to process and product development. Over the past several years, numerous Capability Maturity Models (CMMs) have been developed: software engineering, systems engineering, integrated teams, risk management, and acquisition each had its own model. Industry and government therefore collaborated to establish one model with common terminology, common appraisal methods, and common disciplines.
CMMI, although a collection of multiple models, is most closely associated with the Software and Systems Engineering models, and it has therefore been adopted primarily by software development organizations. The model is not prescriptive; it is a collection of best practices that, when interpreted in a specific organization, imply a quality product. There is no guarantee of quality, but there is an expectation of product quality as it relates to performance.
Posted in CMMI