Bug-Squashing Tools Offered to Improve Network Security

After a spate of hacking attacks, the Department of Homeland Security is promoting ways to make software more trustworthy.

  • Monday, June 27, 2011
  • By Erica Naone

The Department of Homeland Security has announced an initiative to shore up security by squashing software bugs. This follows a slew of high-profile attacks on government and corporate computer systems that have led to sensitive information being stolen.

The nonprofit, federally funded MITRE Corporation is unveiling several efforts aimed at helping businesses better defend their software. These include a list of the 25 most dangerous software errors, and guidance for businesses hoping to eliminate them; MITRE also offers tools to help businesses assess which vulnerabilities threaten them the most. These efforts were largely sponsored by the Software Assurance program in the National Cyber Security Division of the U.S. Department of Homeland Security, and are part of an ongoing effort to improve security in cyberspace.

MITRE's tools, the development of which DHS has funded since 2005, take a different approach to security. A common approach to securing software is to buy products—firewalls, antivirus, and so on—often without a good sense of how they interact and what protection they really offer. But MITRE's work suggests focusing elsewhere.

"What you really want to know is: What evidence do I have that I'm able to rely on my software?" says Robert Martin, principal engineer at MITRE. Instead of offering security features or products, Martin says, programmers need to focus on identifying and combating weaknesses in their code.

MITRE's list was compiled after surveying security professionals in industry, government, and academia. These experts voted on the most prevalent, most dangerous, and easiest ways to exploit vulnerabilities. The end result, Martin says, is a list of the vulnerabilities that are the most attractive to attackers.

Recent real-world attacks seem to bear out the list's rankings. For example, MITRE calls SQL injection, a technique that attacks the database of a Web application, "the knockout punch of security weaknesses." Indeed, it has been a favorite tool of two hacking groups that have been in the news: LulzSec and Anonymous.
