Software Glitches Will Take Down Your Company
Posted by Jeff Papows on Thu, Feb 18, 2010 @ 10:39 AM
Now I know that headline may sound a bit dramatic at first but when you hear about the on-going issues at Toyota and you read a rather frightening New York Times article, "When Radiation Treatment Turns Deadly," about software glitches leading to accidental radiation poisoning, it's not a far fetched hypothesis after all.
Every day we keep learning about these software glitches that are not only affecting businesses but are also disrupting our personal lives and putting our health and safety at risk. Just this week, Alan Paller, director of research at SANS Institute was one of many pushing for dramatic change. He wrote in an email to the team at nextgov.com, "The only way programming errors can be eradicated is by making software development organizations legally liable for the errors. And that can only be done if there is a safe harbor."
There is an industry wide movement currently underway to protect software buyers from being held responsible for faulty code. This news coincides with the annual "Top 25 Most Dangerous Programming Errors" list of the most widespread and critical programming errors that can lead to serious software vulnerability. The list is the result of collaboration among SANS Institute, MITRE and top software security experts in the US and Europe. In addition to the latest rankings, acquisition experts announced new standards for contract language aimed at protecting software buyers from being held responsible for faulty code.
According to Common Weakness Enumeration (CWE), a community-developed dictionary of software weakness types, these vulnerabilities are often easy to find and easy to exploit. Much like a most wanted list, the vulnerabilities on this year's Top 25 are cited as dangerous because they will frequently allow attackers to completely take over the software, steal data or prevent software from working at all.
If ever there was a time to play closer attention to the role of IT governance, it is now. With this in mind, I'm currently working on a webinar presentation with my good friend Joe McKendrick to specifically address how glitches can take down a company. The registrations are starting to pile up and we'd love for you to join us on Tuesday, February 23 at 2:00 eastern to discuss and debate software vulnerabilities in the real world. Here's the link.